overview - home | nsfocus
Post on 16-Oct-2021
3 Views
Preview:
TRANSCRIPT
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Released September Patches to Fix 81 Security Vulnerabilities
Threat Alert
Overview
Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to
remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common
Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET
Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project
Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows
Kernel, and Windows RDP.
Details can be found in the following table.
Product CVE ID CVE Title Severity Level
@NSFOCUS 2019 http://www.nsfocus.com
.NET Core CVE-2019-1301 .NET Core Denial-of-Service
Vulnerability Important
.NET Framework CVE-2019-1142 .NET Framework Privilege
Escalation Vulnerability Important
Active Directory CVE-2019-1273 Active Directory Federation
Services XSS Vulnerability Important
Adobe Flash Player ADV190022 September 2019 Adobe Flash
Security Update Critical
ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of
Privilege Vulnerability Important
Common Log File System Driver CVE-2019-1214
Windows Common Log File
System Driver Privilege Escalation
Vulnerability
Important
Common Log File System Driver CVE-2019-1282
Windows Common Log File
System Driver Information
Disclosure Vulnerability
Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Browsers CVE-2019-1220 Microsoft Browser Security Feature
Bypass Vulnerability Important
Microsoft Edge CVE-2019-1299
Microsoft Edge based on Edge
HTML Information Disclosure
Vulnerability
Important
Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange Denial-of-
Service Vulnerability Important
Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange Spoofing
Vulnerability Important
Microsoft Graphics Component CVE-2019-1216 DirectX Information Disclosure
Vulnerability Important
Microsoft Graphics Component CVE-2019-1244 DirectWrite Information Disclosure
Vulnerability Important
Microsoft Graphics Component CVE-2019-1245 DirectWrite Information Disclosure
Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Graphics Component CVE-2019-1251 DirectWrite Information Disclosure
Vulnerability Important
Microsoft Graphics Component CVE-2019-1252 Windows GDI Information
Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1283
Microsoft Graphics Components
Information Disclosure
Vulnerability
Important
Microsoft Graphics Component CVE-2019-1284 DirectX Privilege Escalation
Vulnerability Important
Microsoft Graphics Component CVE-2019-1286 Windows GDI Information
Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1241 Jet Database Engine Remote Code
Execution Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft JET Database Engine CVE-2019-1242 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1243 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1246 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1247 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1248 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1249 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1250 Jet Database Engine Remote Code
Execution Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Office CVE-2019-1297 Microsoft Excel Remote Code
Execution Vulnerability Important
Microsoft Office CVE-2019-1263 Microsoft Excel Information
Disclosure Vulnerability Important
Microsoft Office CVE-2019-1264 Microsoft Office Security Feature
Bypass Vulnerability Important
Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint Remote Code
Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint Spoofing
Vulnerability Moderate
Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint Privilege
Escalation Vulnerability Important
Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint Spoofing
Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS
Vulnerability Important
Microsoft Office SharePoint CVE-2019-1295 Microsoft SharePoint Remote Code
Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-1296 Microsoft SharePoint Remote Code
Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine Memory
Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-1208 VBScript Remote Code Execution
Vulnerability
Critical
Microsoft Scripting Engine CVE-2019-1217 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1221 Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1236 VBScript Remote Code Execution
Vulnerability Critical
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Scripting Engine CVE-2019-1237 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1298 Chakra Scripting Engine Memory
Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-1300 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Windows CVE-2019-1215 Windows Privilege Escalation
Vulnerability Important
Microsoft Windows CVE-2019-1219
Windows Transaction Manager
Information Disclosure
Vulnerability
Important
Microsoft Windows CVE-2019-1267 Microsoft Compatibility Appraiser
Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1268 Winlogon Privilege Escalation
Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Windows CVE-2019-1269 Windows ALPC Privilege
Escalation Vulnerability Important
Microsoft Windows CVE-2019-1270 Microsoft Windows Store Installer
Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1271 Windows Media Privilege
Escalation Vulnerability Important
Microsoft Windows CVE-2019-1272 Windows ALPC Privilege
Escalation Vulnerability Important
Microsoft Windows CVE-2019-1235 Windows Text Service Framework
Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1253 Windows Privilege Escalation
Vulnerability Important
Microsoft Windows CVE-2019-1277 Windows Audio Service Privilege
Escalation Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Windows CVE-2019-1278 Windows Privilege Escalation
Vulnerability Important
Microsoft Windows CVE-2019-1280 LNK Remote Code Execution
Vulnerability Critical
Microsoft Windows CVE-2019-1287
Windows Network Connectivity
Assistant Privilege Escalation
Vulnerability
Important
Microsoft Windows CVE-2019-1289
Windows Update Delivery
Optimization Privilege Escalation
Vulnerability
Important
Microsoft Windows CVE-2019-1292 Windows Denial-of-Service
Vulnerability Important
Microsoft Windows CVE-2019-1294 Windows Secure Boot Security
Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-1303 Windows Privilege Escalation
Vulnerability Important
@NSFOCUS 2019 http://www.nsfocus.com
Microsoft Yammer CVE-2019-1265 Microsoft Yammer Security
Feature Bypass Vulnerability Important
Project Rome CVE-2019-1231 Rome SDK Information Disclosure
Vlunerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 Information Disclosure
Vlunerability Important
Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-site
Scripting Vulnerability Important
Team Foundation Server CVE-2019-1306
Azure DevOps and Team
Foundation Server Remote Code
Execution Vulnerability
Critical
Visual Studio CVE-2019-1232
Diagnostics Hub Standard
Collector Service Privilege
Escalation Vulnerability
Important
@NSFOCUS 2019 http://www.nsfocus.com
Windows Hyper-V CVE-2019-0928 Windows Hyper-V Denial-of-
Service Vulnerability Important
Windows Hyper-V CVE-2019-1254 Windows Hyper-V Information
Disclosure Vulnerability Important
Windows Kernel CVE-2019-1274 Windows Kernel Information
Disclosure Vulnerability Important
Windows Kernel CVE-2019-1256 Win32k Privilege Escalation
Vulnerability Important
Windows Kernel CVE-2019-1285 Win32k Privilege Escalation
Vulnerability Important
Windows Kernel CVE-2019-1293
Windows SMB Client Driver
Information Disclosure
Vulnerability
Important
Windows RDP CVE-2019-0787 Remote Desktop Client Remote
Code Execution Vulnerability Critical
@NSFOCUS 2019 http://www.nsfocus.com
Windows RDP CVE-2019-0788 Remote Desktop Client Remote
Code Execution Vulnerability Critical
Windows RDP CVE-2019-1290 Remote Desktop Client Remote
Code Execution Vulnerability Critical
Windows RDP CVE-2019-1291 Remote Desktop Client Remote
Code Execution Vulnerability Critical
Recommended Mitigation Measures
Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.
@NSFOCUS 2019 http://www.nsfocus.com
Appendix
ADV190022 - September 2019 Adobe Flash Security Update
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
ADV19002
2
MITRE
NVD
CVE Title: September 2019 Adobe Flash Security Update
Description:
This security update addresses the following vulnerability, which is described in Adobe Security Bulletin
APSB19-46: CVE-2019-8069 and CVE-2019-8070.
.
FAQ:
How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is
using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed
to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the
website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application
or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of
compromised websites and websites that accept or host user-provided content or advertisements. These
Critical
Remote
Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases,
however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an
attacker would have to convince users to take action, typically by clicking a link in an email message or in
an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent
through email.
In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an
attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An
attacker could then host a website that contains specially crafted Flash content designed to exploit any of
these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker
would have no way to force users to view the attacker-controlled content. Instead, an attacker would have
to convince users to take action, typically by clicking a link in an email message or in an Instant
Messenger message that takes users to the attacker's website, or by opening an attachment sent through
email. For more information about Internet Explorer and the CV List, please see the MSDN Article,
Developer Guidance for websites with content for Adobe Flash Player in Windows 8.
Mitigations:
Workarounds:
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
Workaround refers to a setting or configuration change that would help block known attack vectors before
you apply the update.
Prevent Adobe Flash Player from running You can disable attempts to instantiate Adobe Flash Player in
Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office
2010, by setting the kill bit for the control in the registry.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from
using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in
the registry, perform the following steps:
1. Paste the following into a text file and save it with the .reg file extension.
2. Windows Registry Editor Version 5.00
3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
4. "Compatibility Flags"=dword:00000400
5.
6. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX
Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
7. "Compatibility Flags"=dword:00000400
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
8. Double-click the .reg file to apply it to an individual system.
You can also apply this workaround across domains by using Group Policy. For more information
about Group Policy, see the TechNet article, Group Policy collection.
Note You must restart Internet Explorer for your changes to take effect. Impact of workaround. There is
no impact as long as the object is not intended to be used in Internet Explorer. How to undo the
workaround. Delete the registry keys that were added in implementing this workaround. Prevent Adobe
Flash Player from running in Internet Explorer through Group Policy Note The Group Policy MMC
snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For
more information about Group Policy, visit the following Microsoft Web sites:
Group Policy Overview What is Group Policy Object Editor? Core Group Policy tools and settings
To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:
Note This workaround does not prevent Flash from being invoked from other applications, such as
Microsoft Office 2007 or Microsoft Office 2010.
1. Open the Group Policy Management Console and configure the console to work with the
appropriate Group Policy object, such as local machine, OU, or domain GPO.
2. Navigate to the following node: Administrative Templates -> Windows Components ->
Internet Explorer -> Security Features -> Add-on Management
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using
Internet Explorer technology to instantiate Flash objects.
4. Change the setting to Enabled.
5. Click Apply and then click OK to return to the Group Policy Management Console.
6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval
for the settings to take effect. Prevent Adobe Flash Player from running in Office 2010 on
affected systems Note This workaround does not prevent Adobe Flash Player from running in
Internet Explorer. Warning If you use Registry Editor incorrectly, you may cause serious problems
that may require you to reinstall your operating system. Microsoft cannot guarantee that you can
solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see
Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility
Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.
To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash
Player in the registry using the following steps:
1. Create a text file named Disable_Flash.reg with the following contents:
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D
27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
2. Double-click the .reg file to apply it to an individual system.
3. Note You must restart Internet Explorer for your changes to take effect. You can also apply this
workaround across domains by using Group Policy. For more information about Group Policy, see
the TechNet article, Group Policy collection. Prevent ActiveX controls from running in Office
2007 and Office 2010
To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe
Flash Player in Internet Explorer, perform the following steps:
1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without
notifications.
3. Click OK to save your settings. Impact of workaround. Office documents that use embedded
ActiveX controls may not display as intended. How to undo the workaround.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following
steps:
1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without
notifications.
3. Click OK to save your settings. Set Internet and Local intranet security zone settings to "High"
to block ActiveX Controls and Active Scripting in these zones You can help protect against
exploitation of these vulnerabilities by changing your settings for the Internet security zone to
block ActiveX controls and Active Scripting. You can do this by setting your browser security to
High.
To raise the browsing security level in Internet Explorer, perform the following steps:
1. On the Internet Explorer Tools menu, click** Internet Option**s.
2. In the Internet Options dialog box, click the Security tab, and then click Internet.
3. Under Security level for this zone, move the slider to High. This sets the security level for all
websites you visit to High.
4. Click Local intranet.
5. Under Security level for this zone, move the slider to High. This sets the security level for all
websites you visit to High.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
6. Click OK to accept the changes and return to Internet Explorer. Note If no slider is visible, click
Default Level, and then move the slider to High. Note Setting the level to High may cause some
websites to work incorrectly. If you have difficulty using a website after you change this setting,
and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will
allow the site to work correctly even with the security setting set to High. Impact of workaround.
There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the
Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For
example, an online e-commerce site or banking site may use ActiveX Controls to provide menus,
ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a
global setting that affects all Internet and intranet sites. If you do not want to block ActiveX
Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the
Internet Explorer Trusted sites zone". Configure Internet Explorer to prompt before running
Active Scripting or to disable Active Scripting in the Internet and Local intranet security
zone
You can help protect against exploitation of these vulnerabilities by changing your settings to prompt
before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security
zone. To do this, perform the following steps:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and
then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and
then click OK.
7. Click OK to return to Internet Explorer, and then click OK again. Note Disabling Active Scripting
in the Internet and Local intranet security zones may cause some websites to work incorrectly. If
you have difficulty using a website after you change this setting, and you are sure the site is safe to
use, you can add that site to your list of trusted sites. This will allow the site to work correctly.
Impact of workaround. There are side effects to prompting before running Active Scripting.
Many websites that are on the Internet or on an intranet use Active Scripting to provide additional
functionality. For example, an online e-commerce site or banking site may use Active Scripting to
provide menus, ordering forms, or even account statements. Prompting before running Active
Scripting is a global setting that affects all Internet and intranet sites. You will be prompted
frequently when you enable this workaround. For each prompt, if you feel you trust the site that
you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these
sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet
Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted
sites zone. This will allow you to continue to use trusted websites exactly as you do today, while
helping to protect you from this attack on untrusted sites. We recommend that you add only sites
that you trust to the Trusted sites zone.
To do this, perform the following steps:
1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
2. In the Select a web content zone to specify its current security settings box, click Trusted Sites,
and then click Sites.
3. If you want to add sites that do not require an encrypted channel, click to clear the Require server
verification (https:) for all sites in this zone check box.
4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
5. Repeat these steps for each site that you want to add to the zone.
6. Click OK two times to accept the changes and return to Internet Explorer. Note Add any sites that
you trust not to take malicious action on your system. Two sites in particular that you may want to
add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that
will host the update, and they require an ActiveX control to install the update.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
ADV190022
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Adobe Flash Player on Windows Server 2012
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV190022
Adobe Flash Player on Windows 8.1 for 32-bit
systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for x64-
based systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 R2
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows RT 8.1
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for 32-bit
Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for x64-
based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV190022
N/A
Vector: N/A
Adobe Flash Player on Windows Server 2016
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1607 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1607 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1703 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1703 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV190022
Adobe Flash Player on Windows 10 Version
1709 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1709 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1803 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1803 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1803 for ARM64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1809 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV190022
N/A
Vector: N/A
Adobe Flash Player on Windows 10 Version
1809 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1809 for ARM64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2019
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1709 for ARM64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1903 for 32-bit Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV190022
Adobe Flash Player on Windows 10 Version
1903 for x64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version
1903 for ARM64-based Systems
4516115 Security
Update
Critical Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
ADV990001 - Latest Servicing Stack Updates
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
ADV990001
MITRE
NVD
CVE Title: Latest Servicing Stack Updates
Description:
This is a list of the latest servicing stack updates for each operating system. This list will be
updated whenever a new servicing stack update is released. It is important to install the latest
servicing stack update.
FAQ:
Critical Defense in
Depth
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
1. Why are all of the Servicing Stack Updates (SSU) critical updates?
The SSUs are classified as Critical updates. This does not indicate that there is a critical
vulnerability being addressed in the update.
2. When was the most recent SSU released for each version of Microsoft Windows?
Please refer to the following table for the most recent SSU release. We will update the entries
any time a new SSU is released:
Product SSU Package Date Released
Windows Server 2008 4517134 September 2019
Windows 7/Server 2008 R2 4516655 September 2019
Windows Server 2012 4512939 September 2019
Windows 8.1/Server 2012 R2 4512938 September 2019
Windows 10 4512573 September 2019
Windows 10 Version 1607/Server 2016 4512574 September 2019
Windows 10 Version 1703 4511839 September 2019
Windows 10 1709 4512575 September 2019
Windows 10 1803/Windows Server, version 1803 4512576 September 2019
Windows 10 1809/Server 2019 4512577 September 2019
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Windows 10 1903/Windows Server, version 1903 4515383 September 2019
Mitigations:
None
Workarounds:
None
Revision:
9.0 06/11/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server
2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more
information.
10.0 06/14/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,
version 1903 (Server Core installation). See the FAQ section for more information.
12.0 07/24/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server
2019. See the FAQ section for more information.
8.0 05/14/2019 07:00:00
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version
1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows
Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10
version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version
1809. See the FAQ section for more information.
1.2 12/03/2018 08:00:00
FAQs have been added to further explain Security Stack Updates. The FAQs include a table that
indicates the most recent SSU release for each Windows version. This is an informational
change only.
3.2 12/12/2018 08:00:00
Fixed a typo in the FAQ.
7.0 04/09/2019 07:00:00
A Servicing Stack Update has been released for Windows Server 2008 and Windows Server
2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows
Server 2019 (Server Core installation). See the FAQ section for more information.
3.1 12/11/2018 08:00:00
Updated supersedence information. This is an informational change only.
6.0 03/12/2019 07:00:00
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and
Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.
1.1 11/14/2018 08:00:00
Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational
change only.
1.0 11/13/2018 08:00:00
Information published.
13.0 07/26/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,
version 1903 (Server Core installation). See the FAQ section for more information.
4.0 01/08/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section
for more information.
5.1 02/13/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10
Version 1809 for x64-based Systems to 4470788. This is an informational change only.
14.0 09/10/2019 07:00:00
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ
section for more information.
3.0 12/11/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server,
version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server,
version 1803 (Server Core Installation). See the FAQ section for more information.
5.0 02/12/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server
2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703;
Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation);
Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See
the FAQ section for more information.
2.0 12/05/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server
2019. See the FAQ section for more information.
11.0 07/09/2019 07:00:00
A Servicing Stack Update has been released for all supported versions of Windows 10 (including
Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server
2012. See the FAQ section for more information.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
5.2 02/14/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10
Version 1803 for x64-based Systems to 4485449. This is an informational change only.
Affected Software
The following tables list the affected software details for the vulnerability.
ADV990001
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Windows 7 for 32-bit Systems Service Pack 1
4516655 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 7 for x64-based Systems Service Pack 1
4516655 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows Server 2008 R2 for x64-based Systems
Service Pack 1 (Server Core installation)
4516655 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for Itanium-Based
Systems Service Pack 1
4516655 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based Systems
Service Pack 1
4516655 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems Service
Pack 2 (Server Core installation)
4517134 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012
4512939 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
Windows Server 2012 (Server Core installation)
4512939 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for 32-bit systems
4512938 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for x64-based systems
4512938 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 R2
4512938 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 R2 (Server Core installation)
4512938 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 for 32-bit Systems
4512573 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows 10 for x64-based Systems
4512573 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2016
4512574 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1607 for 32-bit Systems
4512574 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1607 for x64-based Systems
4512574 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2016 (Server Core installation)
4512574 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
Windows 10 Version 1703 for 32-bit Systems
4511839 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1703 for x64-based Systems
4511839 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for 32-bit Systems
4512575 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for x64-based Systems
4512575 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for 32-bit Systems
4512576 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems
4512576 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows Server, version 1803 (Server Core
Installation)
4512576 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for ARM64-based
Systems
4512576 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for 32-bit Systems
4512577 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for x64-based Systems
4512577 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for ARM64-based
Systems
4512577 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
Windows Server 2019
4512577 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2019 (Server Core installation)
4512577 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for ARM64-based
Systems
4512575 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1903 for 32-bit Systems
4515383 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1903 for x64-based Systems
4515383 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1903 for ARM64-based
Systems
4515383 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows Server, version 1903 (Server Core
installation)
4515383 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for Itanium-Based Systems
Service Pack 2
4517134 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems Service
Pack 2
4517134 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2
4517134 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2 (Server Core installation)
4517134 Servicing
Stack Update
Critical Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787 - Remote Desktop Client Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0787
MITRE
NVD
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user
connects to a malicious server. An attacker who successfully exploited this vulnerability could
execute arbitrary code on the computer of the connecting client. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then convince
a user to connect to it. An attacker would have no way of forcing a user to connect to the
malicious server, they would need to trick the user into connecting via social engineering, DNS
poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a
legitimate server, host malicious code on it, and wait for the user to connect.
The update addresses the vulnerability by correcting how the Windows Remote Desktop Client
handles connection requests.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0787
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for 32-
bit Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for 32-
bit Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for 32-
bit Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1803 for 32-
bit Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for 32-
bit Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
x64-based
Systems
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for 32-
bit Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-0788 - Remote Desktop Client Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0788
MITRE
NVD
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user
connects to a malicious server. An attacker who successfully exploited this vulnerability could
execute arbitrary code on the computer of the connecting client. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
To exploit this vulnerability, an attacker would need to have control of a server and then convince
a user to connect to it. An attacker would have no way of forcing a user to connect to the
malicious server, they would need to trick the user into connecting via social engineering, DNS
poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a
legitimate server, host malicious code on it, and wait for the user to connect.
The update addresses the vulnerability by correcting how the Windows Remote Desktop Client
handles connection requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0788
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for 32-
bit Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
10 Version
1703 for 32-
bit Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for 32-
bit Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for 32-
bit Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for 32-
bit Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security Critical
Remote
Code
Execution
4511553 Base: 7.5
Temporal: 6.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0788
ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for 32-
bit Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0788
based
Systems
CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0928
MITRE
NVD
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly
validate input from a privileged user on a guest operating system. To exploit the vulnerability, an
attacker who already has a privileged account on a guest operating system, running as a virtual
machine, could run a specially crafted application that causes a host machine to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating
system, running as a virtual machine, could run a specially crafted application.
The security update addresses the vulnerability by resolving a number of conditions where Hyper-
V would fail to prevent a guest operating system from sending malicious requests.
FAQ:
Important Denial of
Service
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0928
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0928
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Denial
of
Service
4512497
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Denial
of
Service
4512517
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Denial
of
Service
4512517
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Denial
of
Service
4512517
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Denial
of
Service
4512507
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Denial
of
Service
4512516 Base: 5.4
Temporal: 4.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-0928
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Denial
of
Service
4512501
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Denial
of
Service
4512501
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1138 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1138
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that
Moderate Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
The attacker could also take advantage of compromised websites and websites that accept or host
user-provided content or advertisements. These websites could contain specially crafted content
that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1138
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
for 32-bit
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
Version 1709
for x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
Windows 10
Version 1803
for ARM64-
based Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
4512578
Security Critical
Remote
Code
Execution
4511553 Base: 4.2
Temporal: 3.8 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
based) on
Windows 10
Version 1809
for ARM64-
based Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
for ARM64-
based Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
Windows 10
Version 1903
for 32-bit
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for ARM64-
based Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
ChakraCore
Release
Notes
Security
Critical
Remote
Code
Execution
4512508 Base: 4.2
Temporal: 3.8 Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1138
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1142
MITRE
NVD
CVE Title: .NET Framework Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the .NET Framework common language
runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited
this vulnerability could write files to folders that require higher privileges than what the attacker
already has.
To exploit the vulnerability, an attacker would need to log into a system. The attacker could then
specify the targeted folder and trigger an affected process to run.
The update addresses the vulnerability correcting how the .NET Framework CLR process logs
data.
FAQ:
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and
Windows Server 2019. How do I know which update I need to install?
The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET
Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to
determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the
security update that includes that second version of .NET Framework.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1142
Product KB Article Severity Impact Supersedence CVSS
Score Set
Restart
Required
Microsoft .NET Framework 4.5.2 on Windows Server 2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012
(Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-
bit systems
4514599
Security Only
4514604
Monthly
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-
based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012
R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012
R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows Server 2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows Server 2012 (Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows 8.1 for 32-bit systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows 8.1 for x64-based systems
4514599
Security Only
4514604
Important Elevation of
Privilege
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Monthly
Rollup
N/A
Vector: N/A
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows Server 2012 R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows RT 8.1
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
on Windows Server 2012 R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012
4514598
Security Only
4514603
Monthly
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup
Microsoft .NET Framework 4.8 on Windows Server 2012
(Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit
systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-
based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012
R2
4514599
Security Only
4514604
Important Elevation of
Privilege
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Monthly
Rollup
N/A
Vector: N/A
Microsoft .NET Framework 4.8 on Windows RT 8.1
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012
R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server 2016
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1607 for 32-bit Systems
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1607 for x64-based Systems
4514354
Security Important
Elevation of
Privilege
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Update
N/A
Vector: N/A
Microsoft .NET Framework 4.8 on Windows Server 2016
(Server Core installation)
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1703 for 32-bit Systems
4514355
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1703 for x64-based Systems
4514355
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1709 for 32-bit Systems
4514356
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1709 for x64-based Systems
4514356
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 4.8 on Windows 10 Version
1803 for 32-bit Systems
4514357
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version
1803 for x64-based Systems
4514357
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server,
version 1803 (Server Core Installation)
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10
Version 1809 for 32-bit Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10
Version 1809 for x64-based Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server 2019
4514601
Security Important
Elevation of
Privilege 4512501
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Update
N/A
Vector: N/A
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server 2019 (Server Core installation)
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10
Version 1903 for 32-bit Systems
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10
Version 1903 for x64-based Systems
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server, version 1903 (Server Core installation)
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10
Version 1809 for 32-bit Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10
Version 1809 for x64-based Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows
Server 2019
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows
Server 2019 (Server Core installation)
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012
(Server Core installation)
4514598
Security Only
4514603
Monthly
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit
systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-
based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012
R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012
R2 (Server Core installation)
4514599
Security Only
4514604
Important Elevation of
Privilege 4512501
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Monthly
Rollup
N/A
Vector: N/A
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit
Systems
4516070
Security
Update
Important Elevation of
Privilege 4512497
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for x64-
based Systems
4516070
Security
Update
Important Elevation of
Privilege 4512497
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2016
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1607 for 32-bit Systems
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1607 for x64-based Systems
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 3.5 on Windows Server 2016
(Server Core installation)
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1703 for 32-bit Systems
4516068
Security
Update
Important Elevation of
Privilege 4512507
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1703 for x64-based Systems
4516068
Security
Update
Important Elevation of
Privilege 4512507
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1709 for 32-bit Systems
4516066
Security
Update
Important Elevation of
Privilege 4512516
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1709 for x64-based Systems
4516066
Security
Update
Important Elevation of
Privilege 4512516
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version
1803 for 32-bit Systems
4516058
Security Important
Elevation of
Privilege 4512501
Base: N/A
Temporal: Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1142
Update
N/A
Vector: N/A
Microsoft .NET Framework 3.5 on Windows 10 Version
1803 for x64-based Systems
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server,
version 1803 (Server Core Installation)
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
CVE-2019-1208 - VBScript Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1208
MITRE
NVD
CVE Title: VBScript Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects
in memory. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
vulnerability could gain the same user rights as the current user. If the current user is logged on
with administrative user rights, an attacker who successfully exploited the vulnerability could
take control of an affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Internet Explorer and then convince a user to view the
website. An attacker could also embed an ActiveX control marked "safe for initialization" in an
application or Microsoft Office document that hosts the IE rendering engine. The attacker could
also take advantage of compromised websites and websites that accept or host user-provided
content or advertisements. These websites could contain specially crafted content that could
exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1208
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer 9
on
Windows
Server
2008 for
32-bit
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Systems
Service
Pack 2
Internet
Explorer 9
on
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
7 for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872 Base: 6.4
Temporal: 5.8 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Windows
Server
2012
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
8.1 for 32-
bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
x64-based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2012 R2
4516067
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for 32-
bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Server
2016
Internet
Explorer
11 on
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
1703 for
32-bit
Systems
Internet
Explorer
11 on
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
10 Version
1709 for
x64-based
Systems
Internet
Explorer
11 on
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4516058
Security Critical
Remote
Code
Execution
4512501 Base: 7.5
Temporal: 6.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Windows
10 Version
1803 for
ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1709 for
ARM64-
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
based
Systems
Internet
Explorer
11 on
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1208
1903 for
ARM64-
based
Systems
Internet
Explorer
10 on
Windows
Server
2012
4516055
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1209
MITRE
NVD
CVE Title: Lync 2013 Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could
read arbitrary files on the victim's machine. Â To exploit the vulnerability, an attacker needs to
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
instantiate a conference and modify the meeting link with malicious content and send the link to
a victim.
The update addresses the vulnerability by changing how the URL is being resolved.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is unauthorized file system access - reading from the file system.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1209
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Lync Server 2013 4515509 Security Update
Important Information Disclosure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1214 - Windows Common Log File System Driver Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1214
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An elevation of privilege vulnerability exists when the Windows Common Log File System
(CLFS) driver improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a
specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how CLFS handles objects in
memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1214
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Service Pack
1
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Elevation
of
Privilege
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1214
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1215 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1215
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles
objects in memory. An attacker who successfully exploited the vulnerability could execute
code with elevated privileges.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted
application.
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Core
installation)
Only
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Rollup
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Important
Elevation
of
Privilege
4512508 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216 - DirectX Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1216
MITRE
NVD
CVE Title: DirectX Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in
memory. An attacker who successfully exploited this vulnerability could obtain information to
further compromise the user’s system.
An authenticated attacker could exploit this vulnerability by running a specially crafted
application.
The update addresses the vulnerability by correcting how DirectX handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel
memory from a user mode process.
Mitigations:
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1216
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216
Rollup
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216
Only
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1216
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1217 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1217
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that
an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
The attacker could also take advantage of compromised websites and websites that accept or host
user-provided content or advertisements. These websites could contain specially crafted content
that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1217
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1217
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1217
for ARM64-
based Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1217
Version 1809
for ARM64-
based Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1217
for x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for ARM64-
based Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219 - Windows Transaction Manager Information Disclosure
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1219
MITRE
NVD
CVE Title: Windows Transaction Manager Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows Transaction Manager
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could potentially read data that was not intended to be disclosed.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a
specially crafted application.
The security update addresses the vulnerability by correcting how the Transaction Manager
handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1219
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Systems
Service Pack
1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
R2 for
Itanium-
Based
Systems
Service Pack
1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly Important
Information
Disclosure 4512518
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Rollup
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Monthly
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Information
Disclosure 4512517
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
(Server Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516058
Security Important
Information
Disclosure 4512501
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
1803 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
based
Systems
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516026
Monthly Important
Information
Disclosure 4512476
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1219
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
Rollup
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVE-2019-1220 - Microsoft Browser Security Feature Bypass Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1220
MITRE
NVD
CVE Title: Microsoft Browser Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the
correct Security Zone of requests for specific URLs. This could allow an attacker to cause a
user to access a URL in a less restricted Internet Security Zone than intended.
To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted
URL to a victim and convince them to click on it.
Important Security Feature
Bypass
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The security update addresses the vulnerability by correcting security feature behavior to
properly map affected URLs to the correct Security Zone.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer 9 on
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 9 on
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
7 for 32-bit
Systems
4516065
Monthly
Rollup
4516046
IE
Important
Security
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Service Pack
1
Cumulative
Internet
Explorer 11
on Windows
7 for x64-
based
Systems
Service Pack
1
4516065
Monthly
Rollup
4516046
IE
Cumulative
Important
Security
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516065
Monthly
Rollup
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
Server 2012
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
8.1 for 32-bit
systems
4516067
Monthly
Rollup
4516046
IE
Cumulative
Important
Security
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
8.1 for x64-
based
systems
4516067
Monthly
Rollup
4516046
IE
Cumulative
Important
Security
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
Server 2012
R2
4516067
Monthly
Rollup
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
RT 8.1
4516067
Monthly
Rollup
Important
Security
Feature
Bypass
4512488
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 for 32-bit
Systems
4516070
Security
Update
Important
Security
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 for x64-
based
Systems
4516070
Security
Update
Important
Security
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
Server 2016
4516044
Security
Update
Low
Security
Feature
Bypass
4512517
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
4516044
Security
Update
Important
Security
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
1607 for 32-
bit Systems
Internet
Explorer 11
on Windows
10 Version
1607 for x64-
based
Systems
4516044
Security
Update
Important
Security
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Security
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1703 for x64-
based
Systems
4516068
Security
Update
Important
Security
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
10 Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Security
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1709 for x64-
based
Systems
4516066
Security
Update
Important
Security
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
1803 for x64-
based
Systems
Internet
Explorer 11
on Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1809 for x64-
4512578
Security
Update
Important
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
based
Systems
Internet
Explorer 11
on Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
Server 2019
4512578
Security
Update
Low
Security
Feature
Bypass
4511553
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Security
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
10 Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1903 for x64-
based
Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 10
on Windows
Server 2012
4516055
Monthly
Rollup
4516046
IE
Cumulative
Low
Security
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Security
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Security
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Low
Security
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Security
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Security
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Security
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Security
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
4516066
Security
Update
Important
Security
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
for 32-bit
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Security
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Version 1803
for x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Security
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
4512578
Security Important
Security
Feature
Bypass
4511553 Base: 4.3
Temporal: 3.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
based) on
Windows 10
Version 1809
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Low
Security
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
4516066
Security Important
Security
Feature
Bypass
4512516 Base: 4.3
Temporal: 3.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
based) on
Windows 10
Version 1709
for ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Security
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes
CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1221
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects
in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Internet Explorer and then convince a user to view the
website. An attacker could also embed an ActiveX control marked "safe for initialization" in an
application or Microsoft Office document that hosts the IE rendering engine. The attacker could
also take advantage of compromised websites and websites that accept or host user-provided
content or advertisements. These websites could contain specially crafted content that could
exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1221
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Service
Pack 1
Internet
Explorer
11 on
Windows
7 for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
Server
2012
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for 32-
bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
x64-based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4516067
Monthly
Rollup
Moderate
Remote
Code
Execution
4511872 Base: 6.4
Temporal: 5.8 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Windows
Server
2012 R2
4516046 IE
Cumulative
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for 32-
bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
Server
2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1709 for
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
32-bit
Systems
Internet
Explorer
11 on
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
1803 for
x64-based
Systems
Internet
Explorer
11 on
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4512578
Security Critical
Remote
Code
Execution
4511553 Base: 7.5
Temporal: 6.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Windows
10 Version
1809 for
x64-based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4516066
Security Critical
Remote
Code
Execution
4512516 Base: 7.5
Temporal: 6.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Windows
10 Version
1709 for
ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1231
MITRE
NVD
CVE Title: Rome SDK Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS
certificate validation. This vulnerability allows an unauthenticated attacker to establish
connection with an invalid SSL/TLS server certificate.
To exploit this, an attacker would have to Man-In-The-Middle to intercept an established
connection.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
This security update addresses the issue by handling server SSL/TLS certificate validation
correctly.
FAQ:
What versions of the Project Rome SDK are affected by this vulnerability?
Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not have
the vulnerability.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1231
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Rome SDK 1.4.1 Release Notes Security Update
Important Information Disclosure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1232
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector
Service improperly impersonates certain file operations. An attacker who successfully
exploited this vulnerability could gain elevated privileges.
An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.
The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard
Collector Service properly impersonates file operations.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1232
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Visual Studio
2015 Update
3
4513696
Security
Update
Important
Elevation
of
Privilege
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1232
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Elevation
of
Privilege
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1232
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1232
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1232
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Visual Studio
2017 version
15.9
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512516
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1232
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Visual Studio
2017 version
15.0
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Visual Studio
2019 version
16.0
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Visual Studio
2019 version
16.2
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1233
MITRE
NVD
CVE Title: Microsoft Exchange Denial of Service Vulnerability
Description:
A denial of service vulnerability exists in Microsoft Exchange Server software when the
software fails to properly handle objects in memory. An attacker who successfully exploited the
vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable
Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange Server
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Important Denial of
Service
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1233
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2016 Cumulative
Update 12
4515832 Security
Update
Important Denial of
Service 4509409
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019 Cumulative
Update 1
4515832 Security
Update
Important Denial of
Service 4509408
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019 Cumulative
Update 2
4515832 Security
Update
Important Denial of
Service 4509408
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1233
Microsoft Exchange Server 2016 Cumulative
Update 13
4515832 Security
Update
Important Denial of
Service 4509409
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1235 - Windows Text Service Framework Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1235
MITRE
NVD
CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when
the TSF server process does not validate the source of input or commands it receives. An attacker
who successfully exploited this vulnerability could inject commands or read input sent through a
malicious Input Method Editor (IME). This only affects systems that have installed an IME.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take control
of an affected system.
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses this vulnerability by correcting how the TSF server and client
validate input from each other.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Core
installation)
Only
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Rollup
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Important
Elevation
of
Privilege
4512508 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1235
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236 - VBScript Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1236
MITRE
NVD
CVE Title: VBScript Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects
in memory. The vulnerability could corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An attacker who successfully exploited the
vulnerability could gain the same user rights as the current user. If the current user is logged on
with administrative user rights, an attacker who successfully exploited the vulnerability could
take control of an affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Internet Explorer and then convince a user to view the
website. An attacker could also embed an ActiveX control marked "safe for initialization" in an
application or Microsoft Office document that hosts the IE rendering engine. The attacker could
also take advantage of compromised websites and websites that accept or host user-provided
content or advertisements. These websites could contain specially crafted content that could
exploit the vulnerability.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by modifying how the scripting engine handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer 9
on
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer 9
on
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
7 for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
4516065
Monthly
Rollup
4516046 IE
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
2008 R2
for x64-
based
Systems
Service
Pack 1
Cumulative
Internet
Explorer
11 on
Windows
Server
2012
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for 32-
bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516067
Monthly
Rollup
4516046 IE
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
8.1 for
x64-based
systems
Cumulative
Internet
Explorer
11 on
Windows
Server
2012 R2
4516067
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for 32-
bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
10 for
x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1703 for
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
x64-based
Systems
Internet
Explorer
11 on
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
1803 for
32-bit
Systems
Internet
Explorer
11 on
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
4512578
Security Critical
Remote
Code
Execution
4511553 Base: 7.5
Temporal: 6.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Windows
10 Version
1809 for
32-bit
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Internet
Explorer
11 on
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
10 on
Windows
Server
2012
4516055
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1237
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that
an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed
to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
The attacker could also take advantage of compromised websites and websites that accept or host
user-provided content or advertisements. These websites could contain specially crafted content
that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1237
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
for 32-bit
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Version 1803
for x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1803
for ARM64-
based Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Windows 10
Version 1809
for x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1809
for ARM64-
based Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Version 1709
for ARM64-
based Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1237
Windows 10
Version 1903
for ARM64-
based Systems
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
CVE-2019-1240 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1240
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1240
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Service Pack
1
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Remote
Code
Execution
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: N/A
Temporal: N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1241 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1241
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1241
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Service Pack
1
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Remote
Code
Execution
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1242 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1242
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1242
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Service Pack
1
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Remote
Code
Execution
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1243 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1243
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1243
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Service Pack
1
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
4516066
Security Important
Remote
Code
Execution
4512516 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1244
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain
information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a
user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The security update addresses the vulnerability by correcting how DirectWrite handles objects
in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1244
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly Important
Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Rollup
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516044
Security Important
Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
1607 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516066
Security Important
Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
1709 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security Important
Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
4516026
Monthly
Rollup
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1244
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1245
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain
information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a
user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles objects
in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1245
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
4516065
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Service
Pack 1
Monthly
Rollup
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
4516033
Security
Only
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Itanium-
Based
Systems
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly Important
Information
Disclosure 4512518
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Rollup
4516062
Security
Only
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Monthly
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Information
Disclosure 4512517
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
(Server
Core
installation)
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516058
Security Important
Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
1803 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4512578
Security Important
Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
1809 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
4515384
Security Important
Information
Disclosure 4512508
Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
version
1903
(Server
Core
installation)
Update
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
4516026
Monthly
Rollup
4516051
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1245
Systems
Service
Pack 2
Security
Only
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
CVE-2019-1246 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1246
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: Important
Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1246
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Systems
Service Pack
1
Monthly
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Only
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2010
Service Pack
2 (32-bit
editions)
4475599
Security
Update
Important
Remote
Code
Execution
4475506
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2010
Service Pack
2 (64-bit
editions)
4475599
Security
Update
Important
Remote
Code
Execution
4475506
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Microsoft
Office 2013
Service Pack
1 (32-bit
editions)
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2013
Service Pack
1 (64-bit
editions)
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2013
RT Service
Pack 1
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Microsoft
Office 2016
(32-bit
edition)
4475591
Security
Update
Important
Remote
Code
Execution
4475538
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2016
(64-bit
edition)
4475591
Security
Update
Important
Remote
Code
Execution
4475538
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Remote
Code
Execution
4512517 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
(Server Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2019
for 32-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft
Office 2019
for 64-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Office 365
ProPlus for
32-bit
Systems
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365
ProPlus for
64-bit
Systems
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1246
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1247
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1247
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Rollup
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Remote
Code
Execution
4512507 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1247
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1248
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1248
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Rollup
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Remote
Code
Execution
4512507 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1248
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1249
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1249
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Rollup
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Remote
Code
Execution
4512507 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1249
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1250
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Important Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1250
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Rollup
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Remote
Code
Execution
4512507 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1250
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1251 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1251
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the
contents of its memory. An attacker who successfully exploited the vulnerability could obtain
information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a
user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles objects
in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is memory layout - the vulnerability allows an attacker to collect information that
facilitates predicting addressing of the memory.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1251
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
Version
4516068
Security Important
Information
Disclosure 4512507
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1251
1703 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
4516058
Security Important
Information
Disclosure 4512501
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1251
x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1251
x64-based
Systems
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1251
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1252
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly
discloses the contents of its memory. An attacker who successfully exploited the vulnerability
could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a
user to open a specially crafted document, or by convincing a user to visit an untrusted
webpage.
The security update addresses the vulnerability by correcting how the Windows GDI
component handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is memory layout - the vulnerability allows an attacker to collect information that
facilitates predicting addressing of the memory.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1252
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Systems
Service
Pack 1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
R2 for
Itanium-
Based
Systems
Service
Pack 1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly Important
Information
Disclosure 4512518
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Rollup
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Monthly
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Information
Disclosure 4512517
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
(Server Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516058
Security Important
Information
Disclosure 4512501
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
1803 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
based
Systems
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516026
Monthly Important
Information
Disclosure 4512476
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1252
for x64-
based
Systems
Service
Pack 2
(Server Core
installation)
Rollup
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVE-2019-1253 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-2019-
1253
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server
improperly handles junctions.
To exploit this vulnerability, an attacker would first have to gain execution on the victim
system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how AppX Deployment
Server handles junctions.
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1253
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1253
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1253
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1253
based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1253
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1254 - Windows Hyper-V Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1254
MITRE
NVD
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized
memory to disk. An attacker could exploit the vulnerability by reading a file to recover
kernel memory.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
To exploit the vulnerability, an attacker would first require access to a Hyper-V host.
The security update addresses the vulnerability by ensuring Hyper-V properly initializes
memory before writing it to disk.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1254
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516068
Security Important
Information
Disclosure 4512507
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1254
1703 for
x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
4512578
Security Important
Information
Disclosure 4511553
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1254
x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1256
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to
properly handle objects in memory. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take control
of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1256
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Service Pack
1
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Elevation
of
Privilege
4512507 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1256
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1257
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to
check the source markup of an application package. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of the SharePoint application pool and the
SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint
application package to an affected version of SharePoint.
The security update addresses the vulnerability by correcting how SharePoint checks the source
markup of application packages.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1257
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2010
Service Pack 2
4475605 Security
Update
Critical Remote Code
Execution 4475575
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1257
N/A
Vector: N/A
Microsoft SharePoint Foundation 2013
Service Pack 1
4484098 Security
Update
Critical Remote Code
Execution 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server
2016
4475590 Security
Update
Critical Remote Code
Execution 4475549
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019
4475596 Security
Update
Critical Remote Code
Execution 4475555
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1259
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description: Moderate Spoofing
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests
to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically designed to
cause a cross-site request. The attacker would then need to convince a targeted user to click a
link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes user web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1259
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013 Service
Pack 1
4484098 Security
Update
Moderate Spoofing 4475565
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1260
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who
successfully exploited this vulnerability could attempt to impersonate another user of the
SharePoint server.
To exploit this vulnerability, an authenticated attacker would send a specially crafted request
to an affected server, thereby allowing the impersonation of another SharePoint user.
The security update addresses the vulnerability by correcting how Microsoft SharePoint
sanitizes user input.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
There are multiple update packages available for some of the affected software. Do I
need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems.
If multiple updates apply, they can be installed in any order.
Mitigations:
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1260
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2010
Service Pack 2
4475605 Security
Update
Important Elevation of
Privilege 4475575
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1260
Microsoft SharePoint Foundation 2013
Service Pack 1
4484098 Security
Update
4484099 Security
Update
Important Elevation of
Privilege 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server
2016
4475590 Security
Update
4475594 Security
Update
Important Elevation of
Privilege 4475549
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019
4464557 Security
Update
4475596 Security
Update
Important Elevation of
Privilege 4475555
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1261
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests
to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically designed to
cause a cross-site request. The attacker would then need to convince a targeted user to click a
link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes user web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Important Spoofing
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1261
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013 Service
Pack 1
4484098 Security
Update
Important Spoofing 4475565
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016
4475590 Security
Update
Important Spoofing 4475549
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1261
Microsoft SharePoint Server 2019
4475596 Security
Update
Important Spoofing 4475555
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1262
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not
properly sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run script in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the victim's
identity to take actions on the SharePoint site on behalf of the user, such as change permissions
and delete content, and inject malicious content in the browser of the user.
Important Spoofing
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1262
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013 Service
Pack 1
4484098 Security
Update
Important Spoofing 4475565
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1263
MITRE
NVD
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the
contents of its memory. An attacker who exploited the vulnerability could use the information
to compromise the user’s computer or data.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
To exploit the vulnerability, an attacker could craft a special document file and then convince
the user to open it. An attacker must know the memory address location where the object was
created.
The update addresses the vulnerability by changing the way certain Excel functions handle
objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1263
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Excel 2010 Service Pack 2
(32-bit editions)
4475574 Security
Update
Important Information
Disclosure 4464572
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2
(64-bit editions)
4475574 Security
Update
Important Information
Disclosure 4464572
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1263
Microsoft Excel 2013 Service Pack 1
(32-bit editions)
4475566 Security
Update
Important Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1
(64-bit editions)
4475566 Security
Update
Important Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack
1
4475566 Security
Update
Important Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac
Release Notes Security
Update
Important Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Excel 2016 (32-bit edition)
4475579 Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition)
4475579 Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1263
N/A
Vector: N/A
Microsoft Office 2019 for 32-bit
editions
Click to Run Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit
editions
Click to Run Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for Mac
Release Notes Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run Security
Update
Important Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1264
MITRE
NVD
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Office improperly handles input.
An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file-sharing attack scenario, an attacker could provide a specially crafted document file
designed to exploit the vulnerability, and then convince a user to open the document file and
interact with the document by clicking a specific cell.
The update addresses the vulnerability by correcting how Microsoft Office handles input.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
Important Security Feature
Bypass
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1264
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Project 2010 Service Pack 2
(32-bit editions)
4461631 Security
Update
Important Security Feature
Bypass 4022147
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2010 Service Pack 2
(64-bit editions)
4461631 Security
Update
Important Security Feature
Bypass 4022147
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1264
N/A
Vector: N/A
Microsoft Office 2010 Service Pack 2
(32-bit editions)
4464566 Security
Update
Important Security Feature
Bypass 4462223
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2
(64-bit editions)
4464566 Security
Update
Important Security Feature
Bypass 4462223
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1
(32-bit editions)
4475607 Security
Update
Important Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1
(64-bit editions)
4475607 Security
Update
Important Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack
1
4475607 Security
Update
Important Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1264
Microsoft Office 2016 (32-bit edition)
4475583 Security
Update
Important Security Feature
Bypass 4462242
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition)
4475583 Security
Update
Important Security Feature
Bypass 4462242
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2016 (32-bit edition)
4475589 Security
Update
Important Security Feature
Bypass 4461478
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2016 (64-bit edition)
4475589 Security
Update
Important Security Feature
Bypass 4461478
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2013 Service Pack 1
(32-bit editions)
4464548 Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2013 Service Pack 1
(64-bit editions)
4464548 Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal: Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1264
N/A
Vector: N/A
Microsoft Office 2019 for 32-bit editions
Click to Run Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions
Click to Run Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run Security
Update
Important Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1265 - Microsoft Yammer Security Feature Bypass Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1265
MITRE
NVD
CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails
to apply the correct Intune MAM Policy.
This could allow an attacker to perform functions that are restricted by Intune Policy.
The security update addresses the vulnerability by correcting the way the policy is applied to
Yammer App.
FAQ:
How do I get the update for Yammer for Android?
1. Tap the Google Play icon on your home screen.
2. Swipe in from the left edge of the screen.
3. Tap My apps & games.
4. Tap the Update box next to the Yammer app.
Is there a direct link on the web?
Important Security Feature
Bypass
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US
What versions of the Yammer for Android App contain the fix for this vulnerability?
Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1265
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Yammer for Android Important Security Feature Bypass
Base: N/A
Temporal: N/A
Vector: N/A
CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1266
MITRE
NVD
CVE Title: Microsoft Exchange Spoofing Vulnerability
Description:
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA)
fails to properly handle web requests. An attacker who successfully exploited the vulnerability
could perform script or content injection attacks, and attempt to trick the user into disclosing
sensitive information. An attacker could also redirect the user to a malicious website that could
spoof content or the vulnerability could be used as a pivot to chain an attack with other
vulnerabilities in web services.
Important Spoofing
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
To exploit the vulnerability, an attacker could send a specially crafted email containing a
malicious link to a user. An attacker could also use a chat client to social engineer a user into
clicking the malicious link. However, in both examples the user must click the malicious link.
The security update addresses the vulnerability by correcting how OWA validates web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1266
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2016 Cumulative
Update 12
4515832 Security
Update
Important Spoofing 4509409
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019 Cumulative
Update 1
4515832 Security
Update
Important Spoofing 4509408
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019 Cumulative
Update 2
4515832 Security
Update
Important Spoofing 4509408
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016 Cumulative
Update 13
4515832 Security
Update
Important Spoofing 4509409
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1267
MITRE
NVD
CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a
configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An
attacker who successfully exploited this vulnerability could run processes in an elevated context.
An attacker could then install programs; view, change or delete data.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take control
of an affected system.
The security update addresses the vulnerability by writing the file to a location with an appropriate
Access Control List.
FAQ:
None
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1267
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7 for
32-bit Systems
Service Pack 1
4516033
Security
Only
Important
Elevation
of
Privilege
4512506 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 7 for
x64-based
Systems
Service Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based Systems
Service Pack 1
(Server Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-Based
4516033
Security
Only
4516065
Monthly
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
Systems
Service Pack 1
Rollup
Windows
Server 2008
R2 for x64-
based Systems
Service Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Elevation
of
Privilege
4512507 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
Windows 10
Version 1803
for ARM64-
based Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
(Server Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 10
Version 1709
for ARM64-
based Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1267
(Server Core
installation)
CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1268
MITRE
NVD
CVE Title: Winlogon Elevation of Privilege Vulnerability
Description:
An elevation of privilege exists when Winlogon does not properly handle file path information.
An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker
could then install programs; view, change, or delete data; or create new accounts with full user
rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how Winlogon handles path information.
FAQ:
None
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1268
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Elevation
of
Privilege
4512506 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Service Pack
1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
4516033
Security
Only
Important
Elevation
of
Privilege
4512506 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Itanium-
Based
Systems
Service Pack
1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Elevation
of
Privilege
4512518 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
4516062
Security
Only
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security Important
Elevation
of
Privilege
4512497 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Update
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 6.5
Temporal: 5.9 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
based
Systems
Update
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1268
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1269
MITRE
NVD
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to
Advanced Local Procedure Call (ALPC).
An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take
control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
FAQ:
None
Mitigations:
None
Workarounds:
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1269
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
Rollup
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Important
Elevation
of
Privilege
4512508 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1269
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270 - Microsoft Windows Store Installer Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1270
MITRE
NVD
CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps
directory is vulnerable to symbolic link attack. An attacker who successfully exploited this
vulnerability could bypass access restrictions to add or remove files.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and add or
remove files.
The security update addresses the vulnerability by not allowing reparse points in the
WindowsApps directory.
FAQ:
None
Mitigations:
None
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1270
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Important
Elevation
of
Privilege
4512507 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1270
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1271
MITRE
NVD
CVE Title: Windows Media Elevation of Privilege Vulnerability
Description:
An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An
attacker who successfully exploited this vulnerability could run processes in an elevated
context. An attacker could then install programs; view, change or delete data.
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the
reserved region.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based Systems
Service Pack
1 (Server Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2008
R2 for
Itanium-Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Rollup
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7
Temporal: 6.3 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 10
Version 1809
for ARM64-
based Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Important
Elevation
of
Privilege
4512508 Base: 7
Temporal: 6.3 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1903
for ARM64-
based Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1271
Service Pack
2
Only
Windows
Server 2008
for x64-based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack
2 (Server Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1272
MITRE
NVD
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to
Advanced Local Procedure Call (ALPC).
An attacker who successfully exploited this vulnerability could run arbitrary code in the
security context of the local system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take
control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
FAQ:
None
Mitigations:
None
Workarounds:
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1272
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security Important
Elevation
of
Privilege
4512497 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272
(Server Core
Installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1272
based
Systems
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1273
MITRE
NVD
CVE Title: Active Directory Federation Services XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services
(ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit
the vulnerability by sending a specially crafted request to an affected ADFS server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run scripts in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the victim's
Important Spoofing
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
identity to take actions on the ADFS site on behalf of the user, such as change permissions and
delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that ADFS error handling
properly sanitizes error messages.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1273
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
4512578
Security Important Spoofing 4511553
Base: 8.2
Temporal: 7.4 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1273
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1273
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: Important
Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
1274
MITRE
NVD
An information disclosure vulnerability exists when the Windows kernel fails to properly
initialize a memory address. An attacker who successfully exploited this vulnerability could
obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a
specially crafted application.
The security update addresses the vulnerability by correcting how the Windows kernel
initializes memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1274
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
4516033
Security
Only
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
Systems
Service Pack
1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
R2 for x64-
based
Systems
Service Pack
1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important Information
Disclosure 4512518
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
(Server Core
installation)
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
Rollup
Windows RT
8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
based
Systems
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
4516058
Security Important
Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
(Server Core
Installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security Important
Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
4515384
Security Important
Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516026
Monthly Important
Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1274
for x64-
based
Systems
Service Pack
2
Rollup
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1277 - Windows Audio Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1277
MITRE
NVD
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows Audio Service when a malformed
parameter is processed. An attacker who successfully exploited the vulnerability could run
arbitrary code with elevated privileges when used in conjunction with another vulnerability.
To exploit the vulnerability, an attacker could run a specially crafted application locally. This
vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be
used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability
and another elevation of privilege) that could take advantage of the elevated privileges when
running.
The update addresses the vulnerability by correcting how the Windows Audio Service handles
these parameters.
FAQ:
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1277
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1277
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1277
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1277
based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1277
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1278 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-1278
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects
in memory. An attacker who successfully exploited the vulnerability could execute code with
elevated permissions.
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted
application.
The security update addresses the vulnerability by ensuring the unistore.dll properly handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1278
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1278
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
4516058
Security Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1278
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
4512578
Security Important
Elevation
of
Privilege
4511553 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1278
for x64-based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Important
Elevation
of
Privilege
4512508 Base: 7.8
Temporal: 7 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1278
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280 - LNK Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1280
MITRE
NVD
CVE Title: LNK Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code
execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the
local user. Users whose accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a
malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote
share) in Windows Explorer, or any other application that parses the .LNK file, the malicious
binary will execute code of the attacker’s choice, on the target system.
The security update addresses the vulnerability by correcting the processing of shortcut LNK
references.
FAQ:
None
Critical Remote Code
Execution
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1280
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
4516033
Security
Only
Critical
Remote
Code
Execution
4512506 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Systems
Service Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-based
Systems
Service Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based Systems
Service Pack 1
(Server Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-Based
4516033
Security
Only
4516065
Monthly
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Systems
Service Pack 1
Rollup
Windows
Server 2008
R2 for x64-
based Systems
Service Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack 2
(Server Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Critical
Remote
Code
Execution
4512518
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Critical
Remote
Code
Execution
4512518
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows 10
for x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
4516068
Security Critical
Remote
Code
Execution
4512507 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
for 32-bit
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1703
for x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2019
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security Critical
Remote
Code
Execution
4512508 Base: 7.3
Temporal: 6.6 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
for ARM64-
based Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2008
for x64-based
Systems
Service Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-based
Systems
Service Pack 2
(Server Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282 - Windows Common Log File System Driver Information
Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1282
MITRE
NVD
CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability
Description:
An information disclosure exists in the Windows Common Log File System (CLFS) driver
when it fails to properly handle sandbox checks. An attacker who successfully exploited this
vulnerability could potentially read data outside their expected limits.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a
specially crafted application.
The security update addresses the vulnerability by correcting how CLFS handles sandbox
checks.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is unauthorized file system access - reading from the file system.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1282
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Systems
Service Pack
1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
R2 for
Itanium-
Based
Systems
Service Pack
1
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly Important
Information
Disclosure 4512518
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Rollup
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Monthly
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security Important
Information
Disclosure 4512517
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
(Server Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
4516058
Security Important
Information
Disclosure 4512501
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
1803 for 32-
bit Systems
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
based
Systems
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516026
Monthly Important
Information
Disclosure 4512476
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1282
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
Rollup
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVE-2019-1283 - Microsoft Graphics Components Information Disclosure
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1283
MITRE
NVD
CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists in the way that Microsoft Graphics Components
handle objects in memory. An attacker who successfully exploited the vulnerability could
obtain information that could be useful for further exploitation.
To exploit the vulnerability, a user would have to open a specially crafted file.
Important Information
Disclosure
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The security update addresses the vulnerability by correcting how Microsoft Graphics
Components handle objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@NSFOCUS 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1283
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
4516033
Security Important
Information
Disclosure 4512506
Base: 5.5
Temporal: 5 Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1283
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
Only
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1284 - DirectX Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1284
MITRE
NVD
CVE Title: DirectX Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in
memory. An attacker who successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the vulnerability and take control
of an affected system.
The update addresses the vulnerability by correcting how DirectX handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Important Elevation of
Privilege
@NSFOCUS 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1284
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1284
Windows 7
for x64-based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@NSFOCUS 2019 http://www.nsfocus.com
CVE-2019-1284
Service Pack
1
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
top related