overview - home | nsfocus

@NSFOCUS 2019 http://www.nsfocus.com

Microsoft Released September Patches to Fix 81 Security Vulnerabilities

Threat Alert

Overview

Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to

remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common

Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET

Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project

Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows

Kernel, and Windows RDP.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level

.NET Core CVE-2019-1301 .NET Core Denial-of-Service

Vulnerability Important

.NET Framework CVE-2019-1142 .NET Framework Privilege

Escalation Vulnerability Important

Active Directory CVE-2019-1273 Active Directory Federation

Services XSS Vulnerability Important

Adobe Flash Player ADV190022 September 2019 Adobe Flash

Security Update Critical

ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of

Privilege Vulnerability Important

Common Log File System Driver CVE-2019-1214

Windows Common Log File

System Driver Privilege Escalation

Vulnerability

Important

Common Log File System Driver CVE-2019-1282

Windows Common Log File

System Driver Information

Disclosure Vulnerability

Important

Microsoft Browsers CVE-2019-1220 Microsoft Browser Security Feature

Bypass Vulnerability Important

Microsoft Edge CVE-2019-1299

Microsoft Edge based on Edge

HTML Information Disclosure

Vulnerability

Important

Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange Denial-of-

Service Vulnerability Important

Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange Spoofing

Microsoft Graphics Component CVE-2019-1216 DirectX Information Disclosure

Microsoft Graphics Component CVE-2019-1244 DirectWrite Information Disclosure

Microsoft Graphics Component CVE-2019-1252 Windows GDI Information

Disclosure Vulnerability Important

Microsoft Graphics Component CVE-2019-1283

Microsoft Graphics Components

Information Disclosure

Vulnerability

Important

Microsoft Graphics Component CVE-2019-1284 DirectX Privilege Escalation

Microsoft Graphics Component CVE-2019-1286 Windows GDI Information

Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine Remote Code

Execution Vulnerability Important

Microsoft Office CVE-2019-1297 Microsoft Excel Remote Code

Microsoft Office CVE-2019-1263 Microsoft Excel Information

Microsoft Office CVE-2019-1264 Microsoft Office Security Feature

Bypass Vulnerability Important

Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint Remote Code

Execution Vulnerability Critical

Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint Spoofing

Vulnerability Moderate

Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint Privilege

Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint Spoofing

Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS

Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine Memory

Corruption Vulnerability Moderate

Microsoft Scripting Engine CVE-2019-1208 VBScript Remote Code Execution

Vulnerability

Critical

Corruption Vulnerability Critical

Microsoft Scripting Engine CVE-2019-1221 Scripting Engine Memory

Microsoft Scripting Engine CVE-2019-1236 VBScript Remote Code Execution

Vulnerability Critical

Corruption Vulnerability Moderate

Microsoft Windows CVE-2019-1215 Windows Privilege Escalation

Microsoft Windows CVE-2019-1219

Windows Transaction Manager

Vulnerability

Important

Microsoft Windows CVE-2019-1267 Microsoft Compatibility Appraiser

Privilege Escalation Vulnerability Important

Microsoft Windows CVE-2019-1268 Winlogon Privilege Escalation

Microsoft Windows CVE-2019-1269 Windows ALPC Privilege

Microsoft Windows CVE-2019-1270 Microsoft Windows Store Installer

Microsoft Windows CVE-2019-1271 Windows Media Privilege

Microsoft Windows CVE-2019-1272 Windows ALPC Privilege

Microsoft Windows CVE-2019-1235 Windows Text Service Framework

Microsoft Windows CVE-2019-1277 Windows Audio Service Privilege

Microsoft Windows CVE-2019-1280 LNK Remote Code Execution

Vulnerability Critical

Windows Network Connectivity

Assistant Privilege Escalation

Vulnerability

Important

Windows Update Delivery

Optimization Privilege Escalation

Vulnerability

Important

Microsoft Windows CVE-2019-1292 Windows Denial-of-Service

Microsoft Windows CVE-2019-1294 Windows Secure Boot Security

Feature Bypass Vulnerability Important

Microsoft Yammer CVE-2019-1265 Microsoft Yammer Security

Feature Bypass Vulnerability Important

Project Rome CVE-2019-1231 Rome SDK Information Disclosure

Vlunerability Important

Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical

Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 Information Disclosure

Vlunerability Important

Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-site

Scripting Vulnerability Important

Team Foundation Server CVE-2019-1306

Azure DevOps and Team

Foundation Server Remote Code

Execution Vulnerability

Critical

Visual Studio CVE-2019-1232

Diagnostics Hub Standard

Collector Service Privilege

Escalation Vulnerability

Important

Windows Hyper-V CVE-2019-0928 Windows Hyper-V Denial-of-

Service Vulnerability Important

Windows Hyper-V CVE-2019-1254 Windows Hyper-V Information

Windows Kernel CVE-2019-1274 Windows Kernel Information

Windows Kernel CVE-2019-1256 Win32k Privilege Escalation

Windows Kernel CVE-2019-1285 Win32k Privilege Escalation

Windows Kernel CVE-2019-1293

Windows SMB Client Driver

Vulnerability

Important

Windows RDP CVE-2019-0787 Remote Desktop Client Remote

Code Execution Vulnerability Critical

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Appendix

ADV190022 - September 2019 Adobe Flash Security Update

CVE ID Vulnerability Description

Maximu

Severity

Rating

Vulnerabilit

y Impact

ADV19002

CVE Title: September 2019 Adobe Flash Security Update

Description:

This security update addresses the following vulnerability, which is described in Adobe Security Bulletin

APSB19-46: CVE-2019-8069 and CVE-2019-8070.

How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is

using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed

to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the

website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application

or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of

compromised websites and websites that accept or host user-provided content or advertisements. These

Critical

Remote

Execution

Maximu

Severity

Rating

Vulnerabilit

y Impact

websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases,

however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an

attacker would have to convince users to take action, typically by clicking a link in an email message or in

an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent

through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an

attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An

attacker could then host a website that contains specially crafted Flash content designed to exploit any of

these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker

would have no way to force users to view the attacker-controlled content. Instead, an attacker would have

to convince users to take action, typically by clicking a link in an email message or in an Instant

Messenger message that takes users to the attacker's website, or by opening an attachment sent through

email. For more information about Internet Explorer and the CV List, please see the MSDN Article,

Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigations:

Workarounds:

Maximu

Severity

Rating

Vulnerabilit

y Impact

Workaround refers to a setting or configuration change that would help block known attack vectors before

you apply the update.

Prevent Adobe Flash Player from running You can disable attempts to instantiate Adobe Flash Player in

Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office

2010, by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to

reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from

using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in

the registry, perform the following steps:

1. Paste the following into a text file and save it with the .reg file extension.

2. Windows Registry Editor Version 5.00

3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX

Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

4. "Compatibility Flags"=dword:00000400

6. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX

Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

7. "Compatibility Flags"=dword:00000400

Maximu

Severity

Rating

Vulnerabilit

y Impact

8. Double-click the .reg file to apply it to an individual system.

You can also apply this workaround across domains by using Group Policy. For more information

about Group Policy, see the TechNet article, Group Policy collection.

Note You must restart Internet Explorer for your changes to take effect. Impact of workaround. There is

no impact as long as the object is not intended to be used in Internet Explorer. How to undo the

workaround. Delete the registry keys that were added in implementing this workaround. Prevent Adobe

Flash Player from running in Internet Explorer through Group Policy Note The Group Policy MMC

snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For

more information about Group Policy, visit the following Microsoft Web sites:

Group Policy Overview What is Group Policy Object Editor? Core Group Policy tools and settings

To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

Note This workaround does not prevent Flash from being invoked from other applications, such as

Microsoft Office 2007 or Microsoft Office 2010.

1. Open the Group Policy Management Console and configure the console to work with the

appropriate Group Policy object, such as local machine, OU, or domain GPO.

2. Navigate to the following node: Administrative Templates -> Windows Components ->

Internet Explorer -> Security Features -> Add-on Management

Maximu

Severity

Rating

Vulnerabilit

y Impact

3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using

Internet Explorer technology to instantiate Flash objects.

4. Change the setting to Enabled.

5. Click Apply and then click OK to return to the Group Policy Management Console.

6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval

for the settings to take effect. Prevent Adobe Flash Player from running in Office 2010 on

affected systems Note This workaround does not prevent Adobe Flash Player from running in

Internet Explorer. Warning If you use Registry Editor incorrectly, you may cause serious problems

that may require you to reinstall your operating system. Microsoft cannot guarantee that you can

solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own

risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see

Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility

Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash

Player in the registry using the following steps:

1. Create a text file named Disable_Flash.reg with the following contents:

Maximu

Severity

Rating

Vulnerabilit

y Impact

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D

27CDB6E-AE6D-11CF-96B8-444553540000}]

"Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

3. Note You must restart Internet Explorer for your changes to take effect. You can also apply this

workaround across domains by using Group Policy. For more information about Group Policy, see

the TechNet article, Group Policy collection. Prevent ActiveX controls from running in Office

2007 and Office 2010

To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe

Flash Player in Internet Explorer, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without

notifications.

3. Click OK to save your settings. Impact of workaround. Office documents that use embedded

ActiveX controls may not display as intended. How to undo the workaround.

Maximu

Severity

Rating

Vulnerabilit

y Impact

To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following

steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without

notifications.

3. Click OK to save your settings. Set Internet and Local intranet security zone settings to "High"

to block ActiveX Controls and Active Scripting in these zones You can help protect against

exploitation of these vulnerabilities by changing your settings for the Internet security zone to

block ActiveX controls and Active Scripting. You can do this by setting your browser security to

To raise the browsing security level in Internet Explorer, perform the following steps:

1. On the Internet Explorer Tools menu, click** Internet Option**s.

2. In the Internet Options dialog box, click the Security tab, and then click Internet.

3. Under Security level for this zone, move the slider to High. This sets the security level for all

websites you visit to High.

4. Click Local intranet.

5. Under Security level for this zone, move the slider to High. This sets the security level for all

websites you visit to High.

Maximu

Severity

Rating

Vulnerabilit

y Impact

6. Click OK to accept the changes and return to Internet Explorer. Note If no slider is visible, click

Default Level, and then move the slider to High. Note Setting the level to High may cause some

websites to work incorrectly. If you have difficulty using a website after you change this setting,

and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will

allow the site to work correctly even with the security setting set to High. Impact of workaround.

There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the

Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For

example, an online e-commerce site or banking site may use ActiveX Controls to provide menus,

ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a

global setting that affects all Internet and intranet sites. If you do not want to block ActiveX

Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the

Internet Explorer Trusted sites zone". Configure Internet Explorer to prompt before running

Active Scripting or to disable Active Scripting in the Internet and Local intranet security

You can help protect against exploitation of these vulnerabilities by changing your settings to prompt

before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security

zone. To do this, perform the following steps:

1. In Internet Explorer, click Internet Options on the Tools menu.

2. Click the Security tab.

Maximu

Severity

Rating

Vulnerabilit

y Impact

3. Click Internet, and then click Custom Level.

4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and

then click OK.

5. Click Local intranet, and then click Custom Level.

6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and

then click OK.

7. Click OK to return to Internet Explorer, and then click OK again. Note Disabling Active Scripting

in the Internet and Local intranet security zones may cause some websites to work incorrectly. If

you have difficulty using a website after you change this setting, and you are sure the site is safe to

use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of workaround. There are side effects to prompting before running Active Scripting.

Many websites that are on the Internet or on an intranet use Active Scripting to provide additional

functionality. For example, an online e-commerce site or banking site may use Active Scripting to

provide menus, ordering forms, or even account statements. Prompting before running Active

Scripting is a global setting that affects all Internet and intranet sites. You will be prompted

frequently when you enable this workaround. For each prompt, if you feel you trust the site that

you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these

sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet

Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet

Maximu

Severity

Rating

Vulnerabilit

y Impact

zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted

sites zone. This will allow you to continue to use trusted websites exactly as you do today, while

helping to protect you from this attack on untrusted sites. We recommend that you add only sites

that you trust to the Trusted sites zone.

To do this, perform the following steps:

1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.

2. In the Select a web content zone to specify its current security settings box, click Trusted Sites,

and then click Sites.

3. If you want to add sites that do not require an encrypted channel, click to clear the Require server

verification (https:) for all sites in this zone check box.

4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.

5. Repeat these steps for each site that you want to add to the zone.

6. Click OK two times to accept the changes and return to Internet Explorer. Note Add any sites that

you trust not to take malicious action on your system. Two sites in particular that you may want to

add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that

will host the update, and they require an ActiveX control to install the update.

Maximu

Severity

Rating

Vulnerabilit

y Impact

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV190022

Product KB Article Severity Impact Supersedence CVSS Score

Restart

Required

Adobe Flash Player on Windows Server 2012

4516115 Security

Update

Critical Remote Code

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

ADV190022

Adobe Flash Player on Windows 8.1 for 32-bit

systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows 8.1 for x64-

based systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows Server 2012 R2

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows RT 8.1

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows 10 for 32-bit

Systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows 10 for x64-

based Systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal: Yes

ADV190022

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

Adobe Flash Player on Windows 10 Version

1607 for 32-bit Systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

1607 for x64-based Systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

ADV190022

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

1803 for ARM64-based Systems

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal: Yes

ADV190022

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

ADV190022

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

4516115 Security

Update

Execution 4503308

Base: N/A

Temporal:

Vector: N/A

ADV990001 - Latest Servicing Stack Updates

Maximum

Severity

Rating

Vulnerability

Impact

ADV990001

CVE Title: Latest Servicing Stack Updates

Description:

This is a list of the latest servicing stack updates for each operating system. This list will be

updated whenever a new servicing stack update is released. It is important to install the latest

servicing stack update.

Critical Defense in

Maximum

Severity

Rating

Vulnerability

Impact

1. Why are all of the Servicing Stack Updates (SSU) critical updates?

The SSUs are classified as Critical updates. This does not indicate that there is a critical

vulnerability being addressed in the update.

2. When was the most recent SSU released for each version of Microsoft Windows?

Please refer to the following table for the most recent SSU release. We will update the entries

any time a new SSU is released:

Product SSU Package Date Released

Windows Server 2008 4517134 September 2019

Windows 7/Server 2008 R2 4516655 September 2019

Windows Server 2012 4512939 September 2019

Windows 8.1/Server 2012 R2 4512938 September 2019

Windows 10 4512573 September 2019

Windows 10 Version 1607/Server 2016 4512574 September 2019

Windows 10 Version 1703 4511839 September 2019

Windows 10 1709 4512575 September 2019

Windows 10 1803/Windows Server, version 1803 4512576 September 2019

Windows 10 1809/Server 2019 4512577 September 2019

Maximum

Severity

Rating

Vulnerability

Impact

Windows 10 1903/Windows Server, version 1903 4515383 September 2019

Mitigations:

Workarounds:

Revision:

9.0 06/11/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server

2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more

information.

10.0 06/14/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,

version 1903 (Server Core installation). See the FAQ section for more information.

12.0 07/24/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server

2019. See the FAQ section for more information.

8.0 05/14/2019 07:00:00

Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version

1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows

Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10

version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version

1.2 12/03/2018 08:00:00

FAQs have been added to further explain Security Stack Updates. The FAQs include a table that

indicates the most recent SSU release for each Windows version. This is an informational

change only.

3.2 12/12/2018 08:00:00

Fixed a typo in the FAQ.

7.0 04/09/2019 07:00:00

A Servicing Stack Update has been released for Windows Server 2008 and Windows Server

2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows

Server 2019 (Server Core installation). See the FAQ section for more information.

3.1 12/11/2018 08:00:00

Updated supersedence information. This is an informational change only.

6.0 03/12/2019 07:00:00

Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and

Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.

1.1 11/14/2018 08:00:00

Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational

change only.

1.0 11/13/2018 08:00:00

13.0 07/26/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,

version 1903 (Server Core installation). See the FAQ section for more information.

4.0 01/08/2019 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section

for more information.

5.1 02/13/2019 08:00:00

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10

Version 1809 for x64-based Systems to 4470788. This is an informational change only.

14.0 09/10/2019 07:00:00

Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ

section for more information.

3.0 12/11/2018 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server,

version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server,

version 1803 (Server Core Installation). See the FAQ section for more information.

5.0 02/12/2019 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server

2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703;

Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation);

Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See

the FAQ section for more information.

2.0 12/05/2018 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server

11.0 07/09/2019 07:00:00

A Servicing Stack Update has been released for all supported versions of Windows 10 (including

Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server

Maximum

Severity

Rating

Vulnerability

Impact

5.2 02/14/2019 08:00:00

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10

Version 1803 for x64-based Systems to 4485449. This is an informational change only.

Affected Software

ADV990001

Restart

Required

Windows 7 for 32-bit Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 7 for x64-based Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal: Yes

ADV990001

Vector: N/A

Windows Server 2008 R2 for x64-based Systems

Service Pack 1 (Server Core installation)

4516655 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 R2 for Itanium-Based

Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 R2 for x64-based Systems

Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 for 32-bit Systems Service

Pack 2 (Server Core installation)

4517134 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2012

4512939 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

ADV990001

Windows Server 2012 (Server Core installation)

4512939 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 8.1 for 32-bit systems

4512938 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 8.1 for x64-based systems

4512938 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2012 R2

4512938 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2012 R2 (Server Core installation)

4512938 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 10 for 32-bit Systems

4512573 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal: Yes

ADV990001

Vector: N/A

Windows 10 for x64-based Systems

4512573 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2016

4512574 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 10 Version 1607 for 32-bit Systems

4512574 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 10 Version 1607 for x64-based Systems

4512574 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512574 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

ADV990001

4511839 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4511839 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512575 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512575 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512576 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512576 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal: Yes

ADV990001

Vector: N/A

Windows Server, version 1803 (Server Core

Installation)

4512576 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows 10 Version 1803 for ARM64-based

Systems

4512576 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512577 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512577 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Systems

4512577 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

ADV990001

Windows Server 2019

4512577 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4512577 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Systems

4512575 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4515383 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

4515383 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Systems

4515383 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal: Yes

ADV990001

Vector: N/A

Windows Server, version 1903 (Server Core

installation)

4515383 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 for Itanium-Based Systems

Service Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 for 32-bit Systems Service

Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 for x64-based Systems

Service Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

Windows Server 2008 for x64-based Systems

Service Pack 2 (Server Core installation)

4517134 Servicing

Stack Update

Critical Defense in

Base: N/A

Temporal:

Vector: N/A

CVE-2019-0787 - Remote Desktop Client Remote Code Execution

Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user

connects to a malicious server. An attacker who successfully exploited this vulnerability could

execute arbitrary code on the computer of the connecting client. An attacker could then install

programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince

a user to connect to it. An attacker would have no way of forcing a user to connect to the

malicious server, they would need to trick the user into connecting via social engineering, DNS

poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a

legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client

handles connection requests.

Execution

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-0787

Product KB

Article Severity Impact Supersedence CVSS Score Set

Restart

Required

CVE-2019-0787

Windows 7

for 32-bit

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Critical

Remote

Execution

4512506

Base: 7.5

Temporal: 6.7

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows 7

for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Critical

Remote

Execution

4512506

Base: 7.5

Temporal: 6.7

Vector:

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0787

Windows

8.1 for x64-

systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 for 32-

bit Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 for x64-

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1607 for 32-

bit Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0787

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0787

Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1803 for

ARM64-

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1809 for

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0787

x64-based

Systems

Windows

10 Version

1809 for

ARM64-

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1709 for

ARM64-

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0787

Windows

10 Version

1903 for

ARM64-

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0788 - Remote Desktop Client Remote Code Execution

Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user

connects to a malicious server. An attacker who successfully exploited this vulnerability could

execute arbitrary code on the computer of the connecting client. An attacker could then install

Execution

Maximum

Severity

Rating

Vulnerability

Impact

To exploit this vulnerability, an attacker would need to have control of a server and then convince

a user to connect to it. An attacker would have no way of forcing a user to connect to the

malicious server, they would need to trick the user into connecting via social engineering, DNS

poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a

legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client

handles connection requests.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-0788

Product KB

Restart

Required

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0788

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 for 32-

bit Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 for x64-

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1607 for 32-

bit Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0788

Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0788

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1803 for

ARM64-

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1809 for

4512578

Security Critical

Remote

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes

CVE-2019-0788

ARM64-

Systems

Update

Vector:

Windows

10 Version

1709 for

ARM64-

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Windows

10 Version

1903 for

ARM64-

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-0788

Systems

CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Windows Hyper-V Denial of Service Vulnerability

Description:

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly

validate input from a privileged user on a guest operating system. To exploit the vulnerability, an

attacker who already has a privileged account on a guest operating system, running as a virtual

machine, could run a specially crafted application that causes a host machine to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating

system, running as a virtual machine, could run a specially crafted application.

The security update addresses the vulnerability by resolving a number of conditions where Hyper-

V would fail to prevent a guest operating system from sending malicious requests.

Important Denial of

Service

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-0928

Product KB

Restart

Required

CVE-2019-0928

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Denial

Service

4512497

Base: 5.4

Temporal: 4.9

Vector:

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

Windows

Server 2016

4516044

Security

Update

Important

Denial

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Denial

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Denial

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Denial

Service

4512507

Base: 5.4

Temporal: 4.9

Vector:

Windows 10

Version 1709

4516066

Security Important

Denial

Service

4512516 Base: 5.4

Temporal: 4.9 Yes

CVE-2019-0928

for x64-based

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Denial

Service

4512501

Base: 5.4

Temporal: 4.9

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Denial

Service

4512501

Base: 5.4

Temporal: 4.9

Vector:

CVE-2019-1138 - Chakra Scripting Engine Memory Corruption Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles

objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that

Moderate Remote Code

Execution

Maximum

Severity

Rating

Vulnerability

Impact

an attacker could execute arbitrary code in the context of the current user. An attacker who

successfully exploited the vulnerability could gain the same user rights as the current user. If the

current user is logged on with administrative user rights, an attacker who successfully exploited

the vulnerability could take control of an affected system. An attacker could then install

In a web-based attack scenario, an attacker could host a specially crafted website that is designed

to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.

The attacker could also take advantage of compromised websites and websites that accept or host

user-provided content or advertisements. These websites could contain specially crafted content

that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine

handles objects in memory.

Mitigations:

Workarounds:

Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1138

Product KB

Restart

Required

Microsoft

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Moderate

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CVE-2019-1138

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1138

for 32-bit

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1138

Version 1709

for x64-based

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1138

Windows 10

Version 1803

for ARM64-

based Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

4512578

Security Critical

Remote

Execution

4511553 Base: 4.2

Temporal: 3.8 Yes

CVE-2019-1138

based) on

Windows 10

Version 1809

for ARM64-

based Systems

Update

Vector:

Microsoft

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1138

Windows 10

Version 1903

for 32-bit

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

ChakraCore

Release

Security

Critical

Remote

Execution

4512508 Base: 4.2

Temporal: 3.8 Maybe

CVE-2019-1138

Update

Vector:

CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: .NET Framework Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when the .NET Framework common language

runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited

this vulnerability could write files to folders that require higher privileges than what the attacker

already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then

specify the targeted folder and trigger an affected process to run.

The update addresses the vulnerability correcting how the .NET Framework CLR process logs

Important Elevation of

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and

Windows Server 2019. How do I know which update I need to install?

The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET

Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to

determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the

security update that includes that second version of .NET Framework.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1142

Product KB Article Severity Impact Supersedence CVSS

Score Set

Restart

Required

Microsoft .NET Framework 4.5.2 on Windows Server 2012

4514598

Security Only

4514603

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

(Server Core installation)

4514598

Security Only

4514603

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-

bit systems

4514599

Security Only

4514604

Monthly

Privilege

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

Rollup

Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.5.2 on Windows RT 8.1

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

R2 (Server Core installation)

4514599

Security Only

4514604

Monthly

Privilege

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

Rollup

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

on Windows Server 2012

4514598

Security Only

4514603

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

on Windows Server 2012 (Server Core installation)

4514598

Security Only

4514603

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

on Windows 8.1 for 32-bit systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

on Windows 8.1 for x64-based systems

4514599

Security Only

4514604

Privilege

Base: N/A

Temporal: Maybe

CVE-2019-1142

Monthly

Rollup

Vector: N/A

on Windows Server 2012 R2

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

on Windows RT 8.1

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

on Windows Server 2012 R2 (Server Core installation)

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.8 on Windows Server 2012

4514598

Security Only

4514603

Monthly

Privilege

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

Rollup

4514598

Security Only

4514603

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit

systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.8 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

4514599

Security Only

4514604

Privilege

Base: N/A

Temporal: Maybe

CVE-2019-1142

Monthly

Rollup

Vector: N/A

Microsoft .NET Framework 4.8 on Windows RT 8.1

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

4514599

Security Only

4514604

Monthly

Rollup

Privilege

Base: N/A

Temporal:

Vector: N/A

4514354

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.8 on Windows 10 Version

4514354

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514354

Security Important

Elevation of

Privilege

Base: N/A

Temporal: Maybe

CVE-2019-1142

Update

Vector: N/A

4514354

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514355

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514355

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514356

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514356

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

4514357

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

4514357

Security

Update

Privilege

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 4.8 on Windows Server,

version 1803 (Server Core Installation)

4516058

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 AND 4.8 on Windows 10

Version 1809 for 32-bit Systems

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Version 1809 for x64-based Systems

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 AND 4.8 on Windows

Server 2019

4514601

Security Important

Elevation of

Privilege 4512501

Base: N/A

Temporal: Maybe

CVE-2019-1142

Update

Vector: N/A

Server 2019 (Server Core installation)

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514359

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514359

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Server, version 1903 (Server Core installation)

4514359

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows

Server 2019

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows

Server 2019 (Server Core installation)

4514601

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514598

Security Only

4514603

Monthly

Rollup

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514598

Security Only

4514603

Monthly

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

Rollup

Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit

systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514599

Security Only

4514604

Monthly

Rollup

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

4514599

Security Only

4514604

Privilege 4512501

Base: N/A

Temporal: Maybe

CVE-2019-1142

Monthly

Rollup

Vector: N/A

Microsoft .NET Framework 3.5 on Windows 10 for 32-bit

Systems

4516070

Security

Update

Privilege 4512497

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 on Windows 10 for x64-

based Systems

4516070

Security

Update

Privilege 4512497

Base: N/A

Temporal:

Vector: N/A

4516044

Security

Update

Privilege 4512517

Base: N/A

Temporal:

Vector: N/A

4516044

Security

Update

Privilege 4512517

Base: N/A

Temporal:

Vector: N/A

4516044

Security

Update

Privilege 4512517

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1142

4516044

Security

Update

Privilege 4512517

Base: N/A

Temporal:

Vector: N/A

4516068

Security

Update

Privilege 4512507

Base: N/A

Temporal:

Vector: N/A

4516068

Security

Update

Privilege 4512507

Base: N/A

Temporal:

Vector: N/A

4516066

Security

Update

Privilege 4512516

Base: N/A

Temporal:

Vector: N/A

4516066

Security

Update

Privilege 4512516

Base: N/A

Temporal:

Vector: N/A

4516058

Security Important

Elevation of

Privilege 4512501

Base: N/A

Temporal: Yes

CVE-2019-1142

Update

Vector: N/A

4516058

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

Microsoft .NET Framework 3.5 on Windows Server,

version 1803 (Server Core Installation)

4516058

Security

Update

Privilege 4512501

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1208 - VBScript Remote Code Execution Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: VBScript Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects

in memory. The vulnerability could corrupt memory in such a way that an attacker could execute

arbitrary code in the context of the current user. An attacker who successfully exploited the

Execution

Maximum

Severity

Rating

Vulnerability

Impact

vulnerability could gain the same user rights as the current user. If the current user is logged on

with administrative user rights, an attacker who successfully exploited the vulnerability could

take control of an affected system. An attacker could then install programs; view, change, or

delete data; or create new accounts with full user rights.

to exploit the vulnerability through Internet Explorer and then convince a user to view the

website. An attacker could also embed an ActiveX control marked "safe for initialization" in an

application or Microsoft Office document that hosts the IE rendering engine. The attacker could

also take advantage of compromised websites and websites that accept or host user-provided

content or advertisements. These websites could contain specially crafted content that could

exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles

objects in memory.

Mitigations:

Workarounds:

Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1208

Product KB Article Severity Impact Supersedence CVSS Score Set Restart

Required

Internet

Explorer 9

Windows

Server

2008 for

32-bit

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2019-1208

Systems

Service

Pack 2

Internet

Explorer 9

Windows

Server

2008 for

x64-based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

7 for 32-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

Internet

Explorer

Windows

7 for x64-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

2008 R2

for x64-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872 Base: 6.4

Temporal: 5.8 Yes

CVE-2019-1208

Windows

Server

Vector:

Internet

Explorer

Windows

8.1 for 32-

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

8.1 for

x64-based

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

2012 R2

4516067

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1208

Internet

Explorer

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 for 32-

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

4516044

Security

Update

Moderate

Remote

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1208

Server

Internet

Explorer

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

1703 for

32-bit

Systems

Internet

Explorer

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1709 for

32-bit

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

10 Version

1709 for

x64-based

Systems

Internet

Explorer

Windows

10 Version

1803 for

32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

4516058

Security Critical

Remote

Execution

4512501 Base: 7.5

Temporal: 6.7 Yes

CVE-2019-1208

Windows

10 Version

1803 for

ARM64-

Systems

Update

Vector:

Internet

Explorer

Windows

10 Version

1809 for

32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

Internet

Explorer

Windows

10 Version

1809 for

ARM64-

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

10 Version

1709 for

ARM64-

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

Systems

Internet

Explorer

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1208

1903 for

ARM64-

Systems

Internet

Explorer

Windows

Server

4516055

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Lync 2013 Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could

read arbitrary files on the victim's machine. Â To exploit the vulnerability, an attacker needs to

Important Information

Disclosure

Maximum

Severity

Rating

Vulnerability

Impact

instantiate a conference and modify the meeting link with malicious content and send the link to

a victim.

The update addresses the vulnerability by changing how the URL is being resolved.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this

vulnerability is unauthorized file system access - reading from the file system.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1209

Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required

Microsoft Lync Server 2013 4515509 Security Update

Important Information Disclosure

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1214 - Windows Common Log File System Driver Elevation of

Privilege Vulnerability

CVE ID Vulnerability Description Maximum

Severity Rating

Vulnerability

Impact

CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Description: Important

Elevation of

Privilege

Severity Rating

Vulnerability

Impact

An elevation of privilege vulnerability exists when the Windows Common Log File System

(CLFS) driver improperly handles objects in memory. An attacker who successfully exploited

this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a

specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in

memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1214

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

4516033

Security

4516065

Monthly

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Service Pack

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Elevation

Privilege

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1214

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1214

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215 - Windows Elevation of Privilege Vulnerability

Severity Rating

Vulnerability

Impact

2019-1215

CVE Title: Windows Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles

objects in memory. An attacker who successfully exploited the vulnerability could execute

code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted

application.

Privilege

Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles

objects in memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1215

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

installation)

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

installation)

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7.8

Temporal: 7 Yes

CVE-2019-1215

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

CVE-2019-1215

for x64-based

Systems

Update

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

4515384

Security Important

Elevation

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

CVE-2019-1215

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1215

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1216 - DirectX Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

2019-1216

CVE Title: DirectX Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectX improperly handles objects in

memory. An attacker who successfully exploited this vulnerability could obtain information to

further compromise the userâ€™s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted

application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel

memory from a user mode process.

Mitigations:

Disclosure

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1216

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

CVE-2019-1216

Rollup

Windows 7

for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2008

R2 for

Itanium-

4516033

Security

4516065

Monthly

Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

CVE-2019-1216

Systems

Service Pack

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 5.5

Temporal: 5.1

Vector:

CVE-2019-1216

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:

CVE-2019-1216

Windows

RT 8.1

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5.1

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:

CVE-2019-1216

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5.1

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5.1

Vector:

Maximum

Severity

Rating

Vulnerability

Impact

Description:

Execution

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1217

Product KB

Restart

Required

CVE-2019-1217

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1217

for ARM64-

based Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1217

Version 1809

for ARM64-

based Systems

Microsoft

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1217

for x64-based

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

ChakraCore

Release

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1219 - Windows Transaction Manager Information Disclosure

Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Windows Transaction Manager Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when the Windows Transaction Manager

improperly handles objects in memory. An attacker who successfully exploited this

vulnerability could potentially read data that was not intended to be disclosed.

specially crafted application.

The security update addresses the vulnerability by correcting how the Transaction Manager

vulnerability is uninitialized memory.

Disclosure

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1219

Product KB

Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Windows 7

for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

R2 for

Itanium-

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

Rollup

4516062

Security

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1219

Monthly

Rollup

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

RT 8.1

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1219

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

(Server Core

installation)

Update

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

1803 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1219

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1219

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1219

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for x64-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes

CVE-2019-1219

for x64-

Systems

Service Pack

2 (Server

installation)

Rollup

4516051

Security

Vector:

CVE-2019-1220 - Microsoft Browser Security Feature Bypass Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Microsoft Browser Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the

correct Security Zone of requests for specific URLs. This could allow an attacker to cause a

user to access a URL in a less restricted Internet Security Zone than intended.

To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted

URL to a victim and convince them to click on it.

Important Security Feature

Bypass

Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting security feature behavior to

properly map affected URLs to the correct Security Zone.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1220

Required

Internet

Explorer 9 on

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Internet

Explorer 9 on

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

Internet

Explorer 11

on Windows

7 for 32-bit

Systems

4516065

Monthly

Rollup

4516046

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVE-2019-1220

Service Pack

Cumulative

Internet

Explorer 11

on Windows

7 for x64-

Systems

Service Pack

4516065

Monthly

Rollup

4516046

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516065

Monthly

Rollup

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

Internet

Explorer 11

on Windows

Server 2012

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

CVE-2019-1220

Internet

Explorer 11

on Windows

8.1 for 32-bit

systems

4516067

Monthly

Rollup

4516046

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

8.1 for x64-

systems

4516067

Monthly

Rollup

4516046

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

Server 2012

4516067

Monthly

Rollup

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

CVE-2019-1220

Internet

Explorer 11

on Windows

RT 8.1

4516067

Monthly

Rollup

Important

Security

Feature

Bypass

4512488

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 for 32-bit

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 for x64-

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

Server 2016

4516044

Security

Update

Security

Feature

Bypass

4512517

Base: 2.4

Temporal: 2.2

Vector:

Internet

Explorer 11

on Windows

10 Version

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

1607 for 32-

bit Systems

Internet

Explorer 11

on Windows

10 Version

1607 for x64-

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1703 for x64-

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Internet

Explorer 11

on Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1709 for x64-

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

1803 for x64-

Systems

Internet

Explorer 11

on Windows

10 Version

1803 for

ARM64-

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1809 for x64-

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Systems

Internet

Explorer 11

on Windows

10 Version

1809 for

ARM64-

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

Server 2019

4512578

Security

Update

Security

Feature

Bypass

4511553

Base: 2.4

Temporal: 2.2

Vector:

Internet

Explorer 11

on Windows

10 Version

1709 for

ARM64-

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Internet

Explorer 11

on Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1903 for x64-

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

Internet

Explorer 11

on Windows

10 Version

1903 for

ARM64-

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Internet

Explorer 10

on Windows

Server 2012

4516055

Monthly

Rollup

4516046

Cumulative

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Microsoft

(EdgeHTML-

based) on

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Microsoft

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

for 32-bit

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Version 1803

for x64-based

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

4512578

Security Important

Security

Feature

Bypass

4511553 Base: 4.3

Temporal: 3.9 Yes

CVE-2019-1220

based) on

Windows 10

Version 1809

for x64-based

Systems

Update

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

4516066

Security Important

Security

Feature

Bypass

4512516 Base: 4.3

Temporal: 3.9 Yes

CVE-2019-1220

based) on

Windows 10

Version 1709

for ARM64-

Systems

Update

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1220

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:

CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects

in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an

attacker could execute arbitrary code in the context of the current user. An attacker who

Execution

Maximum

Severity

Rating

Vulnerability

Impact

objects in memory.

Mitigations:

Workarounds:

Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1221

Required

Internet

Explorer

Windows

7 for 32-

Systems

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

Service

Pack 1

Internet

Explorer

Windows

7 for x64-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

2008 R2

for x64-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1221

Internet

Explorer

Windows

Server

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

8.1 for 32-

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

8.1 for

x64-based

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

4516067

Monthly

Rollup

Moderate

Remote

Execution

4511872 Base: 6.4

Temporal: 5.8 Yes

CVE-2019-1221

Windows

Server

2012 R2

4516046 IE

Cumulative

Vector:

Internet

Explorer

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 for 32-

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

Internet

Explorer

Windows

Server

4516044

Security

Update

Moderate

Remote

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

Internet

Explorer

Windows

10 Version

1703 for

32-bit

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1709 for

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

32-bit

Systems

Internet

Explorer

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1803 for

32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

1803 for

x64-based

Systems

Internet

Explorer

Windows

10 Version

1803 for

ARM64-

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1809 for

32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

4512578

Security Critical

Remote

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes

CVE-2019-1221

Windows

10 Version

1809 for

x64-based

Systems

Update

Vector:

Internet

Explorer

Windows

10 Version

1809 for

ARM64-

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

4516066

Security Critical

Remote

Execution

4512516 Base: 7.5

Temporal: 6.7 Yes

CVE-2019-1221

Windows

10 Version

1709 for

ARM64-

Systems

Update

Vector:

Internet

Explorer

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1221

Internet

Explorer

Windows

10 Version

1903 for

ARM64-

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

2019-1231

CVE Title: Rome SDK Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS

certificate validation. This vulnerability allows an unauthenticated attacker to establish

connection with an invalid SSL/TLS server certificate.

To exploit this, an attacker would have to Man-In-The-Middle to intercept an established

connection.

Disclosure

Severity Rating

Vulnerability

Impact

This security update addresses the issue by handling server SSL/TLS certificate validation

correctly.

What versions of the Project Rome SDK are affected by this vulnerability?

Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not have

the vulnerability.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1231

Rome SDK 1.4.1 Release Notes Security Update

Important Information Disclosure

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation of

Privilege Vulnerability

Severity Rating

Vulnerability

Impact

2019-1232

CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Elevation of

Privilege

Severity Rating

Vulnerability

Impact

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector

Service improperly impersonates certain file operations. An attacker who successfully

exploited this vulnerability could gain elevated privileges.

An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.

The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard

Collector Service properly impersonates file operations.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1232

Product KB

Restart

Required

Microsoft

Visual Studio

2015 Update

4513696

Security

Update

Important

Elevation

Privilege

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1232

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Elevation

Privilege

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1232

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1232

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1232

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Microsoft

Visual Studio

2017 version

Release

Security

Update

Important

Elevation

Privilege

4512516

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1232

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Microsoft

Visual Studio

2017 version

Release

Security

Update

Important

Elevation

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Visual Studio

2019 version

Release

Security

Update

Important

Elevation

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Visual Studio

2019 version

Release

Security

Update

Important

Elevation

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Microsoft Exchange Denial of Service Vulnerability

Description:

A denial of service vulnerability exists in Microsoft Exchange Server software when the

software fails to properly handle objects in memory. An attacker who successfully exploited the

vulnerability could cause a remote denial of service against a system.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable

Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange Server

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Important Denial of

Service

Severity Rating

Vulnerability

Impact

Affected Software

CVE-2019-1233

Restart

Required

Microsoft Exchange Server 2016 Cumulative

Update 12

4515832 Security

Update

Important Denial of

Service 4509409

Base: N/A

Temporal: N/A

Vector: N/A

Update 1

4515832 Security

Update

Important Denial of

Service 4509408

Base: N/A

Temporal: N/A

Vector: N/A

Update 2

4515832 Security

Update

Important Denial of

Service 4509408

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1233

Update 13

4515832 Security

Update

Important Denial of

Service 4509409

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1235 - Windows Text Service Framework Elevation of Privilege

Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when

the TSF server process does not validate the source of input or commands it receives. An attacker

who successfully exploited this vulnerability could inject commands or read input sent through a

malicious Input Method Editor (IME). This only affects systems that have installed an IME.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker

could then run a specially crafted application that could exploit the vulnerability and take control

of an affected system.

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

The security update addresses this vulnerability by correcting how the TSF server and client

validate input from each other.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1235

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

installation)

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

installation)

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7.8

Temporal: 7 Yes

CVE-2019-1235

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

CVE-2019-1235

for x64-based

Systems

Update

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

4515384

Security Important

Elevation

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

CVE-2019-1235

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1235

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1236 - VBScript Remote Code Execution Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: VBScript Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects

in memory. The vulnerability could corrupt memory in such a way that an attacker could execute

arbitrary code in the context of the current user. An attacker who successfully exploited the

vulnerability could gain the same user rights as the current user. If the current user is logged on

with administrative user rights, an attacker who successfully exploited the vulnerability could

take control of an affected system. An attacker could then install programs; view, change, or

Execution

Maximum

Severity

Rating

Vulnerability

Impact

objects in memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1236

Required

Internet

Explorer 9

Windows

Server

2008 for

32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer 9

Windows

Server

2008 for

x64-based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1236

Internet

Explorer

Windows

7 for 32-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

7 for x64-

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

4516065

Monthly

Rollup

4516046 IE

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVE-2019-1236

2008 R2

for x64-

Systems

Service

Pack 1

Cumulative

Internet

Explorer

Windows

Server

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

8.1 for 32-

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

4516067

Monthly

Rollup

4516046 IE

Critical

Remote

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

8.1 for

x64-based

systems

Cumulative

Internet

Explorer

Windows

Server

2012 R2

4516067

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 for 32-

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

Internet

Explorer

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

4516044

Security

Update

Moderate

Remote

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

Internet

Explorer

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1703 for

32-bit

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1703 for

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

x64-based

Systems

Internet

Explorer

Windows

10 Version

1709 for

32-bit

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

1803 for

32-bit

Systems

Internet

Explorer

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1803 for

ARM64-

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

4512578

Security Critical

Remote

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes

CVE-2019-1236

Windows

10 Version

1809 for

32-bit

Systems

Update

Vector:

Internet

Explorer

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1809 for

ARM64-

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

Internet

Explorer

Windows

Server

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:

Internet

Explorer

Windows

10 Version

1709 for

ARM64-

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

CVE-2019-1236

Internet

Explorer

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

10 Version

1903 for

ARM64-

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:

Internet

Explorer

Windows

Server

4516055

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

Maximum

Severity

Rating

Vulnerability

Impact

Description:

Execution

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1237

Product KB

Restart

Required

CVE-2019-1237

Microsoft

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Moderate

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

for 32-bit

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

Version 1803

for x64-based

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

Windows 10

Version 1809

for x64-based

Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

Version 1709

for ARM64-

based Systems

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

Microsoft

(EdgeHTML-

based) on

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1237

Windows 10

Version 1903

for ARM64-

based Systems

ChakraCore

Release

Security

Update

Critical

Remote

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVE-2019-1240 - Jet Database Engine Remote Code Execution Vulnerability

Severity Rating

Vulnerability

Impact

2019-1240

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine

vulnerability could execute arbitrary code on a victim system.

Important Remote Code

Execution

Severity Rating

Vulnerability

Impact

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted

The update addresses the vulnerability by correcting the way the Windows Jet Database

Engine handles objects in memory.

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1240

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Service Pack

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Remote

Execution

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1240

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Execution

4512501

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1240

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1240

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1240

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1241

Description:

Execution

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1241

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Service Pack

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Remote

Execution

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1241

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1241

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1242

Description:

Execution

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1242

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Service Pack

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Remote

Execution

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1242

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1242

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1243

Description:

Execution

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1243

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Service Pack

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

4516066

Security Important

Remote

Execution

4512516 Base: 7.8

Temporal: 7 Yes

CVE-2019-1243

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1243

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

2019-1244

CVE Title: DirectWrite Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectWrite improperly discloses the

contents of its memory. An attacker who successfully exploited the vulnerability could obtain

information to further compromise the userâ€™s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a

user to open a specially crafted document, or by convincing a user to visit an untrusted

webpage.

Disclosure

Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting how DirectWrite handles objects

in memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1244

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Windows 7

for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

R2 for x64-

Systems

Service

Pack 1

(Server

installation)

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1244

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

(Server

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1244

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

RT 8.1

4516067

Monthly Important

Information

Disclosure 4512488

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

Rollup

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

4516044

Security Important

Information

Disclosure 4512517

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

1607 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

(Server

installation)

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

4516066

Security Important

Information

Disclosure 4512516

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

1709 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1803 for 32-

bit Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server,

version

(Server

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1244

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2019

4512578

Security Important

Information

Disclosure 4511553

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

Update

Vector:

Windows

Server 2019

(Server

installation)

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1709 for

ARM64-

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1244

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server,

version

(Server

installation)

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for Itanium-

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for 32-bit

4516026

Monthly

Rollup

Disclosure 4512476

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1244

Systems

Service

Pack 2

4516051

Security

Vector:

Windows

Server 2008

for x64-

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for x64-

Systems

Service

Pack 2

(Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Severity Rating

Vulnerability

Impact

2019-1245

Description:

webpage.

in memory.

Disclosure

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1245

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

4516033

Security

4516065

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1245

Service

Pack 1

Monthly

Rollup

Windows 7

for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service

Pack 1

(Server

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

R2 for

4516033

Security

Disclosure 4512506

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

Itanium-

Systems

Service

Pack 1

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

Rollup

4516062

Security

Vector:

Windows

Server 2012

(Server

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1245

Monthly

Rollup

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

RT 8.1

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1245

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

(Server

installation)

Update

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

1803 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server,

version

(Server

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

4512578

Security Important

Information

Disclosure 4511553

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

1809 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2019

(Server

installation)

4512578

Security

Update

Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1245

Windows 10

Version

1709 for

ARM64-

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server,

4515384

Security Important

Information

Disclosure 4512508

Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1245

version

(Server

installation)

Update

Vector:

Windows

Server 2008

for Itanium-

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for x64-

4516026

Monthly

Rollup

4516051

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1245

Systems

Service

Pack 2

Security

Windows

Server 2008

for x64-

Systems

Service

Pack 2

(Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:

Severity Rating

Vulnerability

Impact

2019-1246

Remote Code

Execution

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Severity Rating

Vulnerability

Impact

Affected Software

CVE-2019-1246

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

4516033

Security

4516065

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Systems

Service Pack

Monthly

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Microsoft

Office 2010

Service Pack

2 (32-bit

editions)

4475599

Security

Update

Important

Remote

Execution

4475506

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Office 2010

Service Pack

2 (64-bit

editions)

4475599

Security

Update

Important

Remote

Execution

4475506

Base: N/A

Temporal: N/A

Vector: N/A

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Microsoft

Office 2013

Service Pack

1 (32-bit

editions)

4475611

Security

Update

Important

Remote

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Office 2013

Service Pack

1 (64-bit

editions)

4475611

Security

Update

Important

Remote

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Office 2013

RT Service

Pack 1

4475611

Security

Update

Important

Remote

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Microsoft

Office 2016

(32-bit

edition)

4475591

Security

Update

Important

Remote

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Office 2016

(64-bit

edition)

4475591

Security

Update

Important

Remote

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security Important

Remote

Execution

4512517 Base: 7.8

Temporal: 7 Yes

CVE-2019-1246

(Server Core

installation)

Update

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Microsoft

Office 2019

for 32-bit

editions

Click to

Security

Update

Important

Remote

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft

Office 2019

for 64-bit

editions

Click to

Security

Update

Important

Remote

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1246

Office 365

ProPlus for

32-bit

Systems

Click to

Security

Update

Important

Remote

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

Office 365

ProPlus for

64-bit

Systems

Click to

Security

Update

Important

Remote

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1246

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1247

Description:

Mitigations:

Execution

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1247

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Rollup

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Systems

Service Pack

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

4516068

Security Important

Remote

Execution

4512507 Base: 7.8

Temporal: 7 Yes

CVE-2019-1247

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1247

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1248

Description:

Mitigations:

Execution

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1248

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Rollup

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Systems

Service Pack

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

4516068

Security Important

Remote

Execution

4512507 Base: 7.8

Temporal: 7 Yes

CVE-2019-1248

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1248

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1249

Description:

Mitigations:

Execution

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1249

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Rollup

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Systems

Service Pack

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

4516068

Security Important

Remote

Execution

4512507 Base: 7.8

Temporal: 7 Yes

CVE-2019-1249

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1249

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1250

Description:

Mitigations:

Execution

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1250

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Rollup

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

4516033

Security

4516065

Monthly

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Systems

Service Pack

Rollup

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Remote

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Execution

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Remote

Execution

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

4516068

Security Important

Remote

Execution

4512507 Base: 7.8

Temporal: 7 Yes

CVE-2019-1250

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Remote

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows

Server 2019

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Remote

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1250

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1251

Description:

webpage.

in memory.

vulnerability is memory layout - the vulnerability allows an attacker to collect information that

facilitates predicting addressing of the memory.

Disclosure

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1251

Product KB

Restart

Required

Windows 10

Version

4516068

Security Important

Information

Disclosure 4512507

Base: 5.5

Temporal: 5 Yes

CVE-2019-1251

1703 for 32-

bit Systems

Update

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for 32-

bit Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

CVE-2019-1251

x64-based

Systems

Update

Vector:

Windows

Server,

version

(Server

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1251

x64-based

Systems

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

(Server

installation)

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

ARM64-

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1251

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version

(Server

installation)

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Windows GDI Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when the Windows GDI component improperly

discloses the contents of its memory. An attacker who successfully exploited the vulnerability

could obtain information to further compromise the userâ€™s system.

webpage.

The security update addresses the vulnerability by correcting how the Windows GDI

component handles objects in memory.

vulnerability is memory layout - the vulnerability allows an attacker to collect information that

facilitates predicting addressing of the memory.

Disclosure

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1252

Product KB

Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

Systems

Service

Pack 1

4516065

Monthly

Rollup

Vector:

Windows 7

for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service

Pack 1

(Server Core

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

R2 for

Itanium-

Systems

Service

Pack 1

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service

Pack 1

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

Rollup

4516062

Security

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252

Monthly

Rollup

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

RT 8.1

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

(Server Core

installation)

Update

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

1803 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version

(Server Core

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version

(Server Core

installation)

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1252

Windows

Server 2008

for Itanium-

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for x64-

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes

CVE-2019-1252

for x64-

Systems

Service

Pack 2

(Server Core

installation)

Rollup

4516051

Security

Vector:

Severity Rating

Vulnerability

Impact

CVE-2019-

Description:

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server

improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim

system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment

Server handles junctions.

Privilege

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1253

Product KB

Restart

Required

CVE-2019-1253

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7.8

Temporal: 7 Yes

CVE-2019-1253

for x64-based

Systems

Update

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

CVE-2019-1253

Systems

Update

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1253

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1254 - Windows Hyper-V Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

2019-1254

CVE Title: Windows Hyper-V Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized

memory to disk. An attacker could exploit the vulnerability by reading a file to recover

kernel memory.

Disclosure

Severity Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker would first require access to a Hyper-V host.

The security update addresses the vulnerability by ensuring Hyper-V properly initializes

memory before writing it to disk.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1254

Product KB

Restart

Required

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

(Server

installation)

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

4516068

Security Important

Information

Disclosure 4512507

Base: 5.5

Temporal: 5 Yes

CVE-2019-1254

1703 for

x64-based

Systems

Update

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version

(Server

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for

4512578

Security Important

Information

Disclosure 4511553

Base: 5.5

Temporal: 5 Yes

CVE-2019-1254

x64-based

Systems

Update

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

(Server

installation)

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version

(Server

installation)

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Win32k Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to

properly handle objects in memory. An attacker who successfully exploited this vulnerability

could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Mitigations:

Workarounds:

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1256

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Service Pack

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

4516068

Security Important

Elevation

Privilege

4512507 Base: 7.8

Temporal: 7 Yes

CVE-2019-1256

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1256

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to

check the source markup of an application package. An attacker who successfully exploited the

vulnerability could run arbitrary code in the context of the SharePoint application pool and the

SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint

application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source

markup of application packages.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Execution

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1257

Restart

Required

Microsoft SharePoint Foundation 2010

Service Pack 2

4475605 Security

Update

Execution 4475575

Base: N/A

Temporal: Maybe

CVE-2019-1257

Vector: N/A

Service Pack 1

4484098 Security

Update

Execution 4475565

Base: N/A

Temporal:

Vector: N/A

Microsoft SharePoint Enterprise Server

4475590 Security

Update

Execution 4475549

Base: N/A

Temporal:

Vector: N/A

Microsoft SharePoint Server 2019

4475596 Security

Update

Execution 4475555

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability

Severity Rating

Vulnerability

Impact

2019-1259

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description: Moderate Spoofing

Severity Rating

Vulnerability

Impact

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests

to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to

cause a cross-site request. The attacker would then need to convince a targeted user to click a

link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server

properly sanitizes user web requests.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Severity Rating

Vulnerability

Impact

Affected Software

CVE-2019-1259

Restart

Required

Microsoft SharePoint Foundation 2013 Service

Pack 1

4484098 Security

Update

Moderate Spoofing 4475565

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege Vulnerability

Severity Rating

Vulnerability

Impact

2019-1260

CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability

Elevation of

Privilege

Severity Rating

Vulnerability

Impact

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who

successfully exploited this vulnerability could attempt to impersonate another user of the

SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request

to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint

sanitizes user input.

There are multiple update packages available for some of the affected software. Do I

need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems.

If multiple updates apply, they can be installed in any order.

Mitigations:

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1260

Restart

Required

Service Pack 2

4475605 Security

Update

Privilege 4475575

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1260

Service Pack 1

4484098 Security

Update

4484099 Security

Update

Privilege 4475565

Base: N/A

Temporal:

Vector: N/A

Microsoft SharePoint Enterprise Server

4475590 Security

Update

4475594 Security

Update

Privilege 4475549

Base: N/A

Temporal:

Vector: N/A

4464557 Security

Update

4475596 Security

Update

Privilege 4475555

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability

Severity Rating

Vulnerability

Impact

2019-1261

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description:

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests

to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to

cause a cross-site request. The attacker would then need to convince a targeted user to click a

link to the malicious page.

properly sanitizes user web requests.

Mitigations:

Important Spoofing

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1261

Restart

Required

Pack 1

4484098 Security

Update

Important Spoofing 4475565

Base: N/A

Temporal: N/A

Vector: N/A

Microsoft SharePoint Enterprise Server 2016

4475590 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1261

4475596 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Microsoft Office SharePoint XSS Vulnerability

Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not

properly sanitize a specially crafted web request to an affected SharePoint server. An

authenticated attacker could exploit the vulnerability by sending a specially crafted request to an

affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting

attacks on affected systems and run script in the security context of the current user. The attacks

could allow the attacker to read content that the attacker is not authorized to read, use the victim's

identity to take actions on the SharePoint site on behalf of the user, such as change permissions

and delete content, and inject malicious content in the browser of the user.

Important Spoofing

Maximum

Severity

Rating

Vulnerability

Impact

properly sanitizes web requests.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1262

Restart

Required

Pack 1

4484098 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

2019-1263

CVE Title: Microsoft Excel Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the

contents of its memory. An attacker who exploited the vulnerability could use the information

to compromise the userâ€™s computer or data.

Disclosure

Severity Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker could craft a special document file and then convince

the user to open it. An attacker must know the memory address location where the object was

created.

The update addresses the vulnerability by changing the way certain Excel functions handle

objects in memory.

Mitigations:

Workarounds:

Severity Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1263

Restart

Required

Microsoft Excel 2010 Service Pack 2

(32-bit editions)

4475574 Security

Update

Disclosure 4464572

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4475574 Security

Update

Disclosure 4464572

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1263

(32-bit editions)

4475566 Security

Update

Disclosure 4464565

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4475566 Security

Update

Disclosure 4464565

Base: N/A

Temporal:

Vector: N/A

Microsoft Excel 2013 RT Service Pack

4475566 Security

Update

Disclosure 4464565

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2016 for Mac

Release Notes Security

Update

Disclosure 4464565

Base: N/A

Temporal:

Vector: N/A

Microsoft Excel 2016 (32-bit edition)

4475579 Security

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

Microsoft Excel 2016 (64-bit edition)

4475579 Security

Update

Disclosure 4475513

Base: N/A

Temporal: Maybe

CVE-2019-1263

Vector: N/A

Microsoft Office 2019 for 32-bit

editions

Click to Run Security

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2019 for 64-bit

editions

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2019 for Mac

Release Notes Security

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

Office 365 ProPlus for 32-bit Systems

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

Update

Disclosure 4475513

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability

Severity Rating

Vulnerability

Impact

2019-1264

CVE Title: Microsoft Office Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Office improperly handles input.

An attacker who successfully exploited the vulnerability could execute arbitrary commands.

In a file-sharing attack scenario, an attacker could provide a specially crafted document file

designed to exploit the vulnerability, and then convince a user to open the document file and

interact with the document by clicking a specific cell.

The update addresses the vulnerability by correcting how Microsoft Office handles input.

Mitigations:

Workarounds:

Bypass

Severity Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1264

Restart

Required

Microsoft Project 2010 Service Pack 2

(32-bit editions)

4461631 Security

Update

Bypass 4022147

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4461631 Security

Update

Bypass 4022147

Base: N/A

Temporal: Maybe

CVE-2019-1264

Vector: N/A

Microsoft Office 2010 Service Pack 2

(32-bit editions)

4464566 Security

Update

Bypass 4462223

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4464566 Security

Update

Bypass 4462223

Base: N/A

Temporal:

Vector: N/A

(32-bit editions)

4475607 Security

Update

Bypass 4464558

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4475607 Security

Update

Bypass 4464558

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2013 RT Service Pack

4475607 Security

Update

Bypass 4464558

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1264

Microsoft Office 2016 (32-bit edition)

4475583 Security

Update

Bypass 4462242

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2016 (64-bit edition)

4475583 Security

Update

Bypass 4462242

Base: N/A

Temporal:

Vector: N/A

Microsoft Project 2016 (32-bit edition)

4475589 Security

Update

Bypass 4461478

Base: N/A

Temporal:

Vector: N/A

Microsoft Project 2016 (64-bit edition)

4475589 Security

Update

Bypass 4461478

Base: N/A

Temporal:

Vector: N/A

(32-bit editions)

4464548 Security

Update

Bypass 4461489

Base: N/A

Temporal:

Vector: N/A

(64-bit editions)

4464548 Security

Update

Bypass 4461489

Base: N/A

Temporal: Maybe

CVE-2019-1264

Vector: N/A

Microsoft Office 2019 for 32-bit editions

Update

Bypass 4461489

Base: N/A

Temporal:

Vector: N/A

Microsoft Office 2019 for 64-bit editions

Update

Bypass 4461489

Base: N/A

Temporal:

Vector: N/A

Update

Bypass 4461489

Base: N/A

Temporal:

Vector: N/A

Update

Bypass 4461489

Base: N/A

Temporal:

Vector: N/A

CVE-2019-1265 - Microsoft Yammer Security Feature Bypass Vulnerability

Severity Rating

Vulnerability

Impact

2019-1265

CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails

to apply the correct Intune MAM Policy.

This could allow an attacker to perform functions that are restricted by Intune Policy.

The security update addresses the vulnerability by correcting the way the policy is applied to

Yammer App.

How do I get the update for Yammer for Android?

1. Tap the Google Play icon on your home screen.

2. Swipe in from the left edge of the screen.

3. Tap My apps & games.

4. Tap the Update box next to the Yammer app.

Is there a direct link on the web?

Bypass

Severity Rating

Vulnerability

Impact

Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US

What versions of the Yammer for Android App contain the fix for this vulnerability?

Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1265

Yammer for Android Important Security Feature Bypass

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Microsoft Exchange Spoofing Vulnerability

Description:

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA)

fails to properly handle web requests. An attacker who successfully exploited the vulnerability

could perform script or content injection attacks, and attempt to trick the user into disclosing

sensitive information. An attacker could also redirect the user to a malicious website that could

spoof content or the vulnerability could be used as a pivot to chain an attack with other

vulnerabilities in web services.

Important Spoofing

Maximum

Severity

Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker could send a specially crafted email containing a

malicious link to a user. An attacker could also use a chat client to social engineer a user into

clicking the malicious link. However, in both examples the user must click the malicious link.

The security update addresses the vulnerability by correcting how OWA validates web requests.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1266

Restart

Required

Update 12

4515832 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

Update 1

4515832 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

Update 2

4515832 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

Update 13

4515832 Security

Update

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of Privilege

Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a

configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An

attacker who successfully exploited this vulnerability could run processes in an elevated context.

An attacker could then install programs; view, change or delete data.

The security update addresses the vulnerability by writing the file to a location with an appropriate

Access Control List.

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1267

Product KB

Restart

Required

Windows 7 for

32-bit Systems

Service Pack 1

4516033

Security

Important

Elevation

Privilege

4512506 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1267

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Windows 7 for

x64-based

Systems

Service Pack 1

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

(Server Core

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

R2 for

Itanium-Based

4516033

Security

4516065

Monthly

Important

Elevation

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1267

Systems

Service Pack 1

Rollup

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1267

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1267

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1703

4516068

Security Important

Elevation

Privilege

4512507 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1267

for x64-based

Systems

Update

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1267

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2019

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1267

(Server Core

installation)

Update

Vector:

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server,

version 1903

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1267

(Server Core

installation)

CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Winlogon Elevation of Privilege Vulnerability

Description:

An elevation of privilege exists when Winlogon does not properly handle file path information.

An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker

could then install programs; view, change, or delete data; or create new accounts with full user

rights.

could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how Winlogon handles path information.

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1268

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

4516033

Security

Important

Elevation

Privilege

4512506 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

Service Pack

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

R2 for

4516033

Security

Important

Elevation

Privilege

4512506 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

Itanium-

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

Important

Elevation

Privilege

4512518 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

4516062

Security

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 6.5

Temporal: 5.9

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Important

Elevation

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1268

Rollup

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

for 32-bit

Systems

4516070

Security Important

Elevation

Privilege

4512497 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

Update

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1268

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

for x64-based

Systems

Update

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

Privilege

4511553 Base: 6.5

Temporal: 5.9 Yes

CVE-2019-1268

Systems

Update

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1268

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1268

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:

CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability

Severity Rating

Vulnerability

Impact

2019-1269

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to

Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the

security context of the local system. An attacker could then install programs; view, change, or

could then run a specially crafted application that could exploit the vulnerability and take

control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

Mitigations:

Workarounds:

Privilege

Severity Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1269

Product KB

Restart

Required

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

CVE-2019-1269

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Important

Elevation

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1269

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1269

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1269

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

4512578

Security Important

Elevation

Privilege

4511553 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1269

for x64-based

Systems

Update

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

4515384

Security Important

Elevation

Privilege

4512508 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1269

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1270 - Microsoft Windows Store Installer Elevation of Privilege

Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows store installer where WindowsApps

directory is vulnerable to symbolic link attack. An attacker who successfully exploited this

vulnerability could bypass access restrictions to add or remove files.

could then run a specially crafted application that could exploit the vulnerability and add or

remove files.

The security update addresses the vulnerability by not allowing reparse points in the

WindowsApps directory.

Mitigations:

Privilege

Severity Rating

Vulnerability

Impact

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1270

Product KB

Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1270

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

4516068

Security Important

Elevation

Privilege

4512507 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1270

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1270

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1270

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1270

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Windows Media Elevation of Privilege Vulnerability

Description:

An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An

attacker who successfully exploited this vulnerability could run processes in an elevated

context. An attacker could then install programs; view, change or delete data.

Privilege

Severity Rating

Vulnerability

Impact

could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the

reserved region.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1271

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

R2 for x64-

based Systems

Service Pack

1 (Server Core

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Windows

Server 2008

R2 for

Itanium-Based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

R2 for x64-

based Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

Privilege

4512518

Base: 7

Temporal: 6.3

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:

Windows RT

4516067

Monthly

Rollup

Important

Elevation

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Important

Elevation

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7

Temporal: 6.3

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7

Temporal: 6.3 Yes

CVE-2019-1271

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:

Windows 10

Version 1903

4515384

Security Important

Elevation

Privilege

4512508 Base: 7

Temporal: 6.3 Yes

CVE-2019-1271

for x64-based

Systems

Update

Vector:

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

for 32-bit

Systems

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1271

Service Pack

Windows

Server 2008

for x64-based

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:

CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability

Severity Rating

Vulnerability

Impact

2019-1272

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to

Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the

security context of the local system. An attacker could then install programs; view, change, or

could then run a specially crafted application that could exploit the vulnerability and take

control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

Mitigations:

Workarounds:

Privilege

Severity Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1272

Product KB

Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

for x64-based

Systems

4516070

Security Important

Elevation

Privilege

4512497 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1272

Update

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1272

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server,

version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1272

(Server Core

Installation)

Update

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2019

4512578

Security Important

Elevation

Privilege

4511553 Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1272

Update

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for ARM64-

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1272

Systems

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Active Directory Federation Services XSS Vulnerability

Description:

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services

(ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit

the vulnerability by sending a specially crafted request to an affected ADFS server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting

attacks on affected systems and run scripts in the security context of the current user. The attacks

could allow the attacker to read content that the attacker is not authorized to read, use the victim's

Important Spoofing

Maximum

Severity

Rating

Vulnerability

Impact

identity to take actions on the ADFS site on behalf of the user, such as change permissions and

delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that ADFS error handling

properly sanitizes error messages.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1273

Product KB

Restart

Required

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows 10

Version 1809

4512578

Security Important Spoofing 4511553

Base: 8.2

Temporal: 7.4 Yes

CVE-2019-1273

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows

Server 2019

4512578

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

CVE-2019-1273

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Base: 8.2

Temporal: 7.4

Vector:

CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Windows Kernel Information Disclosure Vulnerability

Information

Disclosure

Severity Rating

Vulnerability

Impact

An information disclosure vulnerability exists when the Windows kernel fails to properly

initialize a memory address. An attacker who successfully exploited this vulnerability could

obtain information to further compromise the userâ€™s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a

The security update addresses the vulnerability by correcting how the Windows kernel

initializes memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Severity Rating

Vulnerability

Impact

Affected Software

CVE-2019-1274

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:

Windows 7

for x64-

4516033

Security

Disclosure 4512506

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

R2 for x64-

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

Disclosure 4512518

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

(Server Core

installation)

4516062

Security

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows 8.1

for x64-

systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

4516064

Security

4516067

Monthly

Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1274

Rollup

Windows RT

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

Update

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1607

for x64-

Systems

4516044

Security

Update

Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Disclosure 4512507

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1703

for x64-

4516068

Security

Update

Disclosure 4512507

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1274

Systems

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for x64-

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1803

for x64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server,

version 1803

4516058

Security Important

Information

Disclosure 4512501

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

(Server Core

Installation)

Update

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for x64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2019

4512578

Security Important

Information

Disclosure 4511553

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

Update

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for x64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows 10

Version 1903

for ARM64-

4515384

Security Important

Information

Disclosure 4512508

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

Systems

Update

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 6.3

Temporal: 5.7 Yes

CVE-2019-1274

for x64-

Systems

Service Pack

Rollup

4516051

Security

Vector:

Windows

Server 2008

for x64-

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

CVE-2019-1277 - Windows Audio Service Elevation of Privilege

Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: Windows Audio Service Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows Audio Service when a malformed

parameter is processed. An attacker who successfully exploited the vulnerability could run

arbitrary code with elevated privileges when used in conjunction with another vulnerability.

To exploit the vulnerability, an attacker could run a specially crafted application locally. This

vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be

used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability

and another elevation of privilege) that could take advantage of the elevated privileges when

running.

The update addresses the vulnerability by correcting how the Windows Audio Service handles

these parameters.

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1277

Product KB

Restart

Required

CVE-2019-1277

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7.8

Temporal: 7 Yes

CVE-2019-1277

for x64-based

Systems

Update

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

CVE-2019-1277

Systems

Update

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1277

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Severity Rating

Vulnerability

Impact

2019-1278

Description:

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects

in memory. An attacker who successfully exploited the vulnerability could execute code with

elevated permissions.

Privilege

Severity Rating

Vulnerability

Impact

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted

application.

The security update addresses the vulnerability by ensuring the unistore.dll properly handles

objects in memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1278

Product KB

Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2016

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1278

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

4516058

Security Important

Elevation

Privilege

4512501 Base: 7.8

Temporal: 7 Yes

CVE-2019-1278

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1803

for ARM64-

Systems

4516058

Security

Update

Important

Elevation

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1809

4512578

Security Important

Elevation

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

CVE-2019-1278

for x64-based

Systems

Update

Vector:

Windows 10

Version 1809

for ARM64-

Systems

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1709

for ARM64-

Systems

4516066

Security

Update

Important

Elevation

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

4515384

Security Important

Elevation

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

CVE-2019-1278

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows 10

Version 1903

for ARM64-

Systems

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1280 - LNK Remote Code Execution Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: LNK Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code

execution if a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same user rights as the

local user. Users whose accounts are configured to have fewer user rights on the system could be

less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a

malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote

share) in Windows Explorer, or any other application that parses the .LNK file, the malicious

binary will execute code of the attackerâ€™s choice, on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK

references.

Execution

Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1280

Product KB

Restart

Required

Windows 7

for 32-bit

4516033

Security

Critical

Remote

Execution

4512506 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1280

Systems

Service Pack 1

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack 1

4516033

Security

4516065

Monthly

Rollup

Critical

Remote

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

(Server Core

installation)

4516033

Security

4516065

Monthly

Rollup

Critical

Remote

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

R2 for

Itanium-Based

4516033

Security

4516065

Monthly

Critical

Remote

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Systems

Service Pack 1

Rollup

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

4516033

Security

4516065

Monthly

Rollup

Critical

Remote

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Critical

Remote

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Critical

Remote

Execution

4512518

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Critical

Remote

Execution

4512518

Base: 7.3

Temporal: 6.6

Vector:

Windows 8.1

for 32-bit

systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows 8.1

for x64-based

systems

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows RT

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Critical

Remote

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

for 32-bit

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows 10

for x64-based

Systems

4516070

Security

Update

Critical

Remote

Execution

4512497

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2016

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Critical

Remote

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1703

4516068

Security Critical

Remote

Execution

4512507 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1280

for 32-bit

Systems

Update

Vector:

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Execution

4512507

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Critical

Remote

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows

Server 2019

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Critical

Remote

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Critical

Remote

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows 10

Version 1903

4515384

Security Critical

Remote

Execution

4512508 Base: 7.3

Temporal: 6.6 Yes

CVE-2019-1280

for ARM64-

based Systems

Update

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Critical

Remote

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

for Itanium-

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Critical

Remote

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Critical

Remote

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1280

Windows

Server 2008

for x64-based

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Critical

Remote

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:

Windows

Server 2008

for x64-based

Systems

Service Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Critical

Remote

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:

CVE-2019-1282 - Windows Common Log File System Driver Information

Disclosure Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability

Description:

An information disclosure exists in the Windows Common Log File System (CLFS) driver

when it fails to properly handle sandbox checks. An attacker who successfully exploited this

vulnerability could potentially read data outside their expected limits.

The security update addresses the vulnerability by correcting how CLFS handles sandbox

checks.

vulnerability is unauthorized file system access - reading from the file system.

Disclosure

Severity Rating

Vulnerability

Impact

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1282

Product KB

Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows 7

for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

R2 for

Itanium-

Systems

Service Pack

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

Rollup

4516062

Security

Vector:

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for 32-

bit systems

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

8.1 for x64-

systems

4516064

Security

4516067

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1282

Monthly

Rollup

Windows

Server 2012

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

RT 8.1

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2012

R2 (Server

installation)

4516064

Security

4516067

Monthly

Rollup

Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1282

Windows 10

for 32-bit

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows 10

for x64-

Systems

4516070

Security

Update

Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update

Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

(Server Core

installation)

Update

Vector:

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update

Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

1803 for 32-

bit Systems

Update

Vector:

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1803 for

ARM64-

Systems

4516058

Security

Update

Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1282

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1809 for

ARM64-

Systems

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update

Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1282

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows 10

Version

1903 for

ARM64-

Systems

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1282

Windows

Server 2008

for Itanium-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

for x64-

Systems

Service Pack

4516026

Monthly

Rollup

4516051

Security

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes

CVE-2019-1282

for x64-

Systems

Service Pack

2 (Server

installation)

Rollup

4516051

Security

Vector:

CVE-2019-1283 - Microsoft Graphics Components Information Disclosure

Vulnerability

Severity Rating

Vulnerability

Impact

CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in the way that Microsoft Graphics Components

handle objects in memory. An attacker who successfully exploited the vulnerability could

obtain information that could be useful for further exploitation.

To exploit the vulnerability, a user would have to open a specially crafted file.

Disclosure

Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting how Microsoft Graphics

Components handle objects in memory.

Mitigations:

Workarounds:

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1283

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows 7

for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes

CVE-2019-1283

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516065

Monthly

Rollup

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVE-2019-1284 - DirectX Elevation of Privilege Vulnerability

Maximum

Severity

Rating

Vulnerability

Impact

CVE Title: DirectX Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when DirectX improperly handles objects in

memory. An attacker who successfully exploited this vulnerability could run arbitrary code in

kernel mode. An attacker could then install programs; view, change, or delete data; or create new

accounts with full user rights.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

Mitigations:

Workarounds:

Privilege

Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00

Affected Software

CVE-2019-1284

Product KB

Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1284

Windows 7

for x64-based

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for x64-

Systems

Service Pack

1 (Server

installation)

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

R2 for

Itanium-

Systems

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVE-2019-1284

Service Pack

Windows

Server 2008

R2 for x64-

Systems

Service Pack

4516033

Security

4516065

Monthly

Rollup

Important

Elevation

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

installation)

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

Windows

Server 2008

for Itanium-

Systems

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

overview - home | nsfocus

Documents

our home - daily overview

avg home product overview

system overview home

web application firewall (waf) - nsfocusglobal.com€¦ ·...

home inventory overview for home visitors alabama ......

home town competitiveness overview

home ventilation overview

computing power (in apollo control computer...

home depot spf overview

home health program overview

home base overview/orientation

1 ashland specialty ingredients home care overview home care...

elasticsearch hit by ransom attack-v3 - nsfocus...

features next generation intrusion prevention system...

benefits web application firewall (waf) - nsfocus€¦ ·...

overview - nsfocus · overview microsoft released the...

33 - idnog03 - guy rosefelt (nsfocus) - threat intelligence

home → overview - abesit

home overview

company: home page overview