overview - home | nsfocus

@NSFOCUS 2019 http://www.nsfocus.com

Microsoft Released September Patches to Fix 81 Security Vulnerabilities

Threat Alert

Overview

Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to

remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common

Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET

Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project

Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows

Kernel, and Windows RDP.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level


.NET Core CVE-2019-1301 .NET Core Denial-of-Service

Vulnerability Important

.NET Framework CVE-2019-1142 .NET Framework Privilege

Escalation Vulnerability Important

Active Directory CVE-2019-1273 Active Directory Federation

Services XSS Vulnerability Important

Adobe Flash Player ADV190022 September 2019 Adobe Flash

Security Update Critical

ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of

Privilege Vulnerability Important

Common Log File System Driver CVE-2019-1214

Windows Common Log File

System Driver Privilege Escalation

Vulnerability

Important

Common Log File System Driver CVE-2019-1282

Windows Common Log File

System Driver Information

Disclosure Vulnerability

Important


Microsoft Browsers CVE-2019-1220 Microsoft Browser Security Feature

Bypass Vulnerability Important

Microsoft Edge CVE-2019-1299

Microsoft Edge based on Edge

HTML Information Disclosure

Vulnerability

Important

Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange Denial-of-

Service Vulnerability Important

Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange Spoofing


Microsoft Graphics Component CVE-2019-1216 DirectX Information Disclosure


Microsoft Graphics Component CVE-2019-1244 DirectWrite Information Disclosure







Microsoft Graphics Component CVE-2019-1252 Windows GDI Information

Disclosure Vulnerability Important

Microsoft Graphics Component CVE-2019-1283

Microsoft Graphics Components

Information Disclosure

Vulnerability

Important

Microsoft Graphics Component CVE-2019-1284 DirectX Privilege Escalation


Microsoft Graphics Component CVE-2019-1286 Windows GDI Information


Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine Remote Code

Execution Vulnerability Important




Microsoft Office CVE-2019-1297 Microsoft Excel Remote Code


Microsoft Office CVE-2019-1263 Microsoft Excel Information


Microsoft Office CVE-2019-1264 Microsoft Office Security Feature

Bypass Vulnerability Important

Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint Remote Code

Execution Vulnerability Critical

Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint Spoofing

Vulnerability Moderate

Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint Privilege


Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint Spoofing



Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS






Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine Memory

Corruption Vulnerability Moderate

Microsoft Scripting Engine CVE-2019-1208 VBScript Remote Code Execution

Vulnerability

Critical


Corruption Vulnerability Critical

Microsoft Scripting Engine CVE-2019-1221 Scripting Engine Memory


Microsoft Scripting Engine CVE-2019-1236 VBScript Remote Code Execution

Vulnerability Critical





Corruption Vulnerability Moderate



Microsoft Windows CVE-2019-1215 Windows Privilege Escalation


Microsoft Windows CVE-2019-1219

Windows Transaction Manager


Vulnerability

Important

Microsoft Windows CVE-2019-1267 Microsoft Compatibility Appraiser

Privilege Escalation Vulnerability Important

Microsoft Windows CVE-2019-1268 Winlogon Privilege Escalation



Microsoft Windows CVE-2019-1269 Windows ALPC Privilege


Microsoft Windows CVE-2019-1270 Microsoft Windows Store Installer


Microsoft Windows CVE-2019-1271 Windows Media Privilege


Microsoft Windows CVE-2019-1272 Windows ALPC Privilege


Microsoft Windows CVE-2019-1235 Windows Text Service Framework




Microsoft Windows CVE-2019-1277 Windows Audio Service Privilege





Microsoft Windows CVE-2019-1280 LNK Remote Code Execution

Vulnerability Critical


Windows Network Connectivity

Assistant Privilege Escalation

Vulnerability

Important


Windows Update Delivery

Optimization Privilege Escalation

Vulnerability

Important

Microsoft Windows CVE-2019-1292 Windows Denial-of-Service


Microsoft Windows CVE-2019-1294 Windows Secure Boot Security

Feature Bypass Vulnerability Important




Microsoft Yammer CVE-2019-1265 Microsoft Yammer Security

Feature Bypass Vulnerability Important

Project Rome CVE-2019-1231 Rome SDK Information Disclosure

Vlunerability Important

Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical

Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 Information Disclosure

Vlunerability Important

Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-site

Scripting Vulnerability Important

Team Foundation Server CVE-2019-1306

Azure DevOps and Team

Foundation Server Remote Code

Execution Vulnerability

Critical

Visual Studio CVE-2019-1232

Diagnostics Hub Standard

Collector Service Privilege

Escalation Vulnerability

Important


Windows Hyper-V CVE-2019-0928 Windows Hyper-V Denial-of-

Service Vulnerability Important

Windows Hyper-V CVE-2019-1254 Windows Hyper-V Information


Windows Kernel CVE-2019-1274 Windows Kernel Information


Windows Kernel CVE-2019-1256 Win32k Privilege Escalation


Windows Kernel CVE-2019-1285 Win32k Privilege Escalation


Windows Kernel CVE-2019-1293

Windows SMB Client Driver


Vulnerability

Important

Windows RDP CVE-2019-0787 Remote Desktop Client Remote

Code Execution Vulnerability Critical








Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.


Appendix

ADV190022 - September 2019 Adobe Flash Security Update

CVE ID Vulnerability Description

Maximu

m

Severity

Rating

Vulnerabilit

y Impact

ADV19002

2

MITRE

NVD

CVE Title: September 2019 Adobe Flash Security Update

Description:

This security update addresses the following vulnerability, which is described in Adobe Security Bulletin

APSB19-46: CVE-2019-8069 and CVE-2019-8070.

.

FAQ:

How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is

using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed

to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the

website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application

or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of

compromised websites and websites that accept or host user-provided content or advertisements. These

Critical

Remote

Code

Execution

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=ADV190022

https://web.nvd.nist.gov/view/vuln/detail?vulnId=ADV190022

https://helpx.adobe.com/security/products/Digital-Editions/apsb19-46.html



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases,

however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an

attacker would have to convince users to take action, typically by clicking a link in an email message or in

an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent

through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an

attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An

attacker could then host a website that contains specially crafted Flash content designed to exploit any of

these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker

would have no way to force users to view the attacker-controlled content. Instead, an attacker would have

to convince users to take action, typically by clicking a link in an email message or in an Instant

Messenger message that takes users to the attacker's website, or by opening an attachment sent through

email. For more information about Internet Explorer and the CV List, please see the MSDN Article,

Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigations:

Workarounds:



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

Workaround refers to a setting or configuration change that would help block known attack vectors before

you apply the update.

Prevent Adobe Flash Player from running You can disable attempts to instantiate Adobe Flash Player in

Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office

2010, by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to

reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from

using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in

the registry, perform the following steps:

1. Paste the following into a text file and save it with the .reg file extension.

2. Windows Registry Editor Version 5.00

3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX

Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

4. "Compatibility Flags"=dword:00000400

5.

6. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX

Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

7. "Compatibility Flags"=dword:00000400



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

8. Double-click the .reg file to apply it to an individual system.

You can also apply this workaround across domains by using Group Policy. For more information

about Group Policy, see the TechNet article, Group Policy collection.

Note You must restart Internet Explorer for your changes to take effect. Impact of workaround. There is

no impact as long as the object is not intended to be used in Internet Explorer. How to undo the

workaround. Delete the registry keys that were added in implementing this workaround. Prevent Adobe

Flash Player from running in Internet Explorer through Group Policy Note The Group Policy MMC

snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For

more information about Group Policy, visit the following Microsoft Web sites:

Group Policy Overview What is Group Policy Object Editor? Core Group Policy tools and settings

To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

Note This workaround does not prevent Flash from being invoked from other applications, such as

Microsoft Office 2007 or Microsoft Office 2010.

1. Open the Group Policy Management Console and configure the console to work with the

appropriate Group Policy object, such as local machine, OU, or domain GPO.

2. Navigate to the following node: Administrative Templates -> Windows Components ->

Internet Explorer -> Security Features -> Add-on Management

https://technet.microsoft.com/library/hh831791

https://technet.microsoft.com/library/cc737816%28v=ws.10%29.aspx

https://technet.microsoft.com/library/cc784165%28v=ws.10%29.aspx



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using

Internet Explorer technology to instantiate Flash objects.

4. Change the setting to Enabled.

5. Click Apply and then click OK to return to the Group Policy Management Console.

6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval

for the settings to take effect. Prevent Adobe Flash Player from running in Office 2010 on

affected systems Note This workaround does not prevent Adobe Flash Player from running in

Internet Explorer. Warning If you use Registry Editor incorrectly, you may cause serious problems

that may require you to reinstall your operating system. Microsoft cannot guarantee that you can

solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own

risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see

Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility

Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash

Player in the registry using the following steps:

1. Create a text file named Disable_Flash.reg with the following contents:



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D

27CDB6E-AE6D-11CF-96B8-444553540000}]

"Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

3. Note You must restart Internet Explorer for your changes to take effect. You can also apply this

workaround across domains by using Group Policy. For more information about Group Policy, see

the TechNet article, Group Policy collection. Prevent ActiveX controls from running in Office

2007 and Office 2010

To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe

Flash Player in Internet Explorer, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without

notifications.

3. Click OK to save your settings. Impact of workaround. Office documents that use embedded

ActiveX controls may not display as intended. How to undo the workaround.

http://go.microsoft.com/fwlink/?LinkID=215719



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following

steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without

notifications.

3. Click OK to save your settings. Set Internet and Local intranet security zone settings to "High"

to block ActiveX Controls and Active Scripting in these zones You can help protect against

exploitation of these vulnerabilities by changing your settings for the Internet security zone to

block ActiveX controls and Active Scripting. You can do this by setting your browser security to

High.

To raise the browsing security level in Internet Explorer, perform the following steps:

1. On the Internet Explorer Tools menu, click** Internet Option**s.

2. In the Internet Options dialog box, click the Security tab, and then click Internet.

3. Under Security level for this zone, move the slider to High. This sets the security level for all

websites you visit to High.

4. Click Local intranet.

5. Under Security level for this zone, move the slider to High. This sets the security level for all

websites you visit to High.



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

6. Click OK to accept the changes and return to Internet Explorer. Note If no slider is visible, click

Default Level, and then move the slider to High. Note Setting the level to High may cause some

websites to work incorrectly. If you have difficulty using a website after you change this setting,

and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will

allow the site to work correctly even with the security setting set to High. Impact of workaround.

There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the

Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For

example, an online e-commerce site or banking site may use ActiveX Controls to provide menus,

ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a

global setting that affects all Internet and intranet sites. If you do not want to block ActiveX

Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the

Internet Explorer Trusted sites zone". Configure Internet Explorer to prompt before running

Active Scripting or to disable Active Scripting in the Internet and Local intranet security

zone

You can help protect against exploitation of these vulnerabilities by changing your settings to prompt

before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security

zone. To do this, perform the following steps:

1. In Internet Explorer, click Internet Options on the Tools menu.

2. Click the Security tab.



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

3. Click Internet, and then click Custom Level.

4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and

then click OK.

5. Click Local intranet, and then click Custom Level.

6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and

then click OK.

7. Click OK to return to Internet Explorer, and then click OK again. Note Disabling Active Scripting

in the Internet and Local intranet security zones may cause some websites to work incorrectly. If

you have difficulty using a website after you change this setting, and you are sure the site is safe to

use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of workaround. There are side effects to prompting before running Active Scripting.

Many websites that are on the Internet or on an intranet use Active Scripting to provide additional

functionality. For example, an online e-commerce site or banking site may use Active Scripting to

provide menus, ordering forms, or even account statements. Prompting before running Active

Scripting is a global setting that affects all Internet and intranet sites. You will be prompted

frequently when you enable this workaround. For each prompt, if you feel you trust the site that

you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these

sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet

Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted

sites zone. This will allow you to continue to use trusted websites exactly as you do today, while

helping to protect you from this attack on untrusted sites. We recommend that you add only sites

that you trust to the Trusted sites zone.

To do this, perform the following steps:

1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.

2. In the Select a web content zone to specify its current security settings box, click Trusted Sites,

and then click Sites.

3. If you want to add sites that do not require an encrypted channel, click to clear the Require server

verification (https:) for all sites in this zone check box.

4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.

5. Repeat these steps for each site that you want to add to the zone.

6. Click OK two times to accept the changes and return to Internet Explorer. Note Add any sites that

you trust not to take malicious action on your system. Two sites in particular that you may want to

add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that

will host the update, and they require an ActiveX control to install the update.



Maximu

m

Severity

Rating

Vulnerabilit

y Impact

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV190022

Product KB Article Severity Impact Supersedence CVSS Score

Set

Restart

Required

Adobe Flash Player on Windows Server 2012

4516115 Security

Update

Critical Remote Code

Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516115



ADV190022

Adobe Flash Player on Windows 8.1 for 32-bit

systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows 8.1 for x64-

based systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows Server 2012 R2

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows RT 8.1

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows 10 for 32-bit

Systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows 10 for x64-

based Systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal: Yes












ADV190022

N/A

Vector: N/A


4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Adobe Flash Player on Windows 10 Version

1607 for 32-bit Systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


1607 for x64-based Systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












ADV190022



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


1803 for ARM64-based Systems

4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal: Yes














ADV190022

N/A

Vector: N/A



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












ADV190022



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516115 Security

Update


Execution 4503308

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

ADV990001 - Latest Servicing Stack Updates


Maximum

Severity

Rating

Vulnerability

Impact

ADV990001

MITRE

NVD

CVE Title: Latest Servicing Stack Updates

Description:

This is a list of the latest servicing stack updates for each operating system. This list will be

updated whenever a new servicing stack update is released. It is important to install the latest

servicing stack update.

FAQ:

Critical Defense in

Depth





http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=ADV990001

https://web.nvd.nist.gov/view/vuln/detail?vulnId=ADV990001



Maximum

Severity

Rating

Vulnerability

Impact

1. Why are all of the Servicing Stack Updates (SSU) critical updates?

The SSUs are classified as Critical updates. This does not indicate that there is a critical

vulnerability being addressed in the update.

2. When was the most recent SSU released for each version of Microsoft Windows?

Please refer to the following table for the most recent SSU release. We will update the entries

any time a new SSU is released:

Product SSU Package Date Released

Windows Server 2008 4517134 September 2019

Windows 7/Server 2008 R2 4516655 September 2019

Windows Server 2012 4512939 September 2019

Windows 8.1/Server 2012 R2 4512938 September 2019

Windows 10 4512573 September 2019

Windows 10 Version 1607/Server 2016 4512574 September 2019

Windows 10 Version 1703 4511839 September 2019

Windows 10 1709 4512575 September 2019

Windows 10 1803/Windows Server, version 1803 4512576 September 2019

Windows 10 1809/Server 2019 4512577 September 2019



Maximum

Severity

Rating

Vulnerability

Impact

Windows 10 1903/Windows Server, version 1903 4515383 September 2019

Mitigations:

None

Workarounds:

None

Revision:

9.0 06/11/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server

2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more

information.

10.0 06/14/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,

version 1903 (Server Core installation). See the FAQ section for more information.

12.0 07/24/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server

2019. See the FAQ section for more information.

8.0 05/14/2019 07:00:00



Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version

1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows

Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10

version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version


1.2 12/03/2018 08:00:00

FAQs have been added to further explain Security Stack Updates. The FAQs include a table that

indicates the most recent SSU release for each Windows version. This is an informational

change only.

3.2 12/12/2018 08:00:00

Fixed a typo in the FAQ.

7.0 04/09/2019 07:00:00

A Servicing Stack Update has been released for Windows Server 2008 and Windows Server

2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows

Server 2019 (Server Core installation). See the FAQ section for more information.

3.1 12/11/2018 08:00:00

Updated supersedence information. This is an informational change only.

6.0 03/12/2019 07:00:00



Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and

Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.

1.1 11/14/2018 08:00:00

Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational

change only.

1.0 11/13/2018 08:00:00


13.0 07/26/2019 07:00:00

A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server,

version 1903 (Server Core installation). See the FAQ section for more information.

4.0 01/08/2019 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section

for more information.

5.1 02/13/2019 08:00:00

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10

Version 1809 for x64-based Systems to 4470788. This is an informational change only.

14.0 09/10/2019 07:00:00



Maximum

Severity

Rating

Vulnerability

Impact

A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ

section for more information.

3.0 12/11/2018 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server,

version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server,

version 1803 (Server Core Installation). See the FAQ section for more information.

5.0 02/12/2019 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server

2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703;

Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation);

Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See

the FAQ section for more information.

2.0 12/05/2018 08:00:00

A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server


11.0 07/09/2019 07:00:00

A Servicing Stack Update has been released for all supported versions of Windows 10 (including

Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server




Maximum

Severity

Rating

Vulnerability

Impact

5.2 02/14/2019 08:00:00

In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10

Version 1803 for x64-based Systems to 4485449. This is an informational change only.

Affected Software


ADV990001


Set

Restart

Required

Windows 7 for 32-bit Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 7 for x64-based Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal: Yes






ADV990001

N/A

Vector: N/A

Windows Server 2008 R2 for x64-based Systems

Service Pack 1 (Server Core installation)

4516655 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 R2 for Itanium-Based

Systems Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 R2 for x64-based Systems

Service Pack 1

4516655 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 for 32-bit Systems Service

Pack 2 (Server Core installation)

4517134 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2012

4512939 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












ADV990001

Windows Server 2012 (Server Core installation)

4512939 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 8.1 for 32-bit systems

4512938 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 8.1 for x64-based systems

4512938 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2012 R2

4512938 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2012 R2 (Server Core installation)

4512938 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 10 for 32-bit Systems

4512573 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal: Yes














ADV990001

N/A

Vector: N/A

Windows 10 for x64-based Systems

4512573 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2016

4512574 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 10 Version 1607 for 32-bit Systems

4512574 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 10 Version 1607 for x64-based Systems

4512574 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512574 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












ADV990001


4511839 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4511839 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512575 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512575 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512576 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512576 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal: Yes














ADV990001

N/A

Vector: N/A

Windows Server, version 1803 (Server Core

Installation)

4512576 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows 10 Version 1803 for ARM64-based

Systems

4512576 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512577 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512577 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


Systems

4512577 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












ADV990001

Windows Server 2019

4512577 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4512577 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


Systems

4512575 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4515383 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4515383 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


Systems

4515383 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal: Yes














ADV990001

N/A

Vector: N/A

Windows Server, version 1903 (Server Core

installation)

4515383 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 for Itanium-Based Systems

Service Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 for 32-bit Systems Service

Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 for x64-based Systems

Service Pack 2

4517134 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Windows Server 2008 for x64-based Systems

Service Pack 2 (Server Core installation)

4517134 Servicing

Stack Update

Critical Defense in

Depth

Base: N/A

Temporal:

N/A

Vector: N/A

Yes












CVE-2019-0787 - Remote Desktop Client Remote Code Execution

Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

0787

MITRE

NVD

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user

connects to a malicious server. An attacker who successfully exploited this vulnerability could

execute arbitrary code on the computer of the connecting client. An attacker could then install

programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince

a user to connect to it. An attacker would have no way of forcing a user to connect to the

malicious server, they would need to trick the user into connecting via social engineering, DNS

poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a

legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client

handles connection requests.


Execution

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0787

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0787



Maximum

Severity

Rating

Vulnerability

Impact

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-0787

Product KB

Article Severity Impact Supersedence CVSS Score Set

Restart

Required


CVE-2019-0787

Windows 7

for 32-bit

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Critical

Remote

Code

Execution

4512506

Base: 7.5

Temporal: 6.7

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows 7

for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Critical

Remote

Code

Execution

4512506

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes




















CVE-2019-0787

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 for 32-

bit Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 for x64-

based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1607 for 32-

bit Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

















CVE-2019-0787

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

















CVE-2019-0787

Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1809 for

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

















CVE-2019-0787

x64-based

Systems

Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1709 for

ARM64-

based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes














CVE-2019-0787

Windows

10 Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

CVE-2019-0788 - Remote Desktop Client Remote Code Execution

Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

0788

MITRE

NVD

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user

connects to a malicious server. An attacker who successfully exploited this vulnerability could

execute arbitrary code on the computer of the connecting client. An attacker could then install



Execution








Maximum

Severity

Rating

Vulnerability

Impact

To exploit this vulnerability, an attacker would need to have control of a server and then convince

a user to connect to it. An attacker would have no way of forcing a user to connect to the

malicious server, they would need to trick the user into connecting via social engineering, DNS

poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a

legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client

handles connection requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-0788

Product KB


Restart

Required

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes














CVE-2019-0788

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 for 32-

bit Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 for x64-

based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1607 for 32-

bit Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes














CVE-2019-0788

Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

















CVE-2019-0788

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1809 for

4512578

Security Critical

Remote

Code

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes
















CVE-2019-0788

ARM64-

based

Systems

Update

Vector:


Windows

10 Version

1709 for

ARM64-

based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Windows

10 Version

1903 for

ARM64-

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes















CVE-2019-0788

based

Systems

CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

0928

MITRE

NVD

CVE Title: Windows Hyper-V Denial of Service Vulnerability

Description:

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly

validate input from a privileged user on a guest operating system. To exploit the vulnerability, an

attacker who already has a privileged account on a guest operating system, running as a virtual

machine, could run a specially crafted application that causes a host machine to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating

system, running as a virtual machine, could run a specially crafted application.

The security update addresses the vulnerability by resolving a number of conditions where Hyper-

V would fail to prevent a guest operating system from sending malicious requests.

FAQ:

Important Denial of

Service





Maximum

Severity

Rating

Vulnerability

Impact

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-0928

Product KB


Restart

Required


CVE-2019-0928

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Denial

of

Service

4512497

Base: 5.4

Temporal: 4.9

Vector:

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2016

4516044

Security

Update

Important

Denial

of

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Denial

of

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Denial

of

Service

4512517

Base: 5.4

Temporal: 4.9

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Denial

of

Service

4512507

Base: 5.4

Temporal: 4.9

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Denial

of

Service

4512516 Base: 5.4

Temporal: 4.9 Yes



















CVE-2019-0928

for x64-based

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Denial

of

Service

4512501

Base: 5.4

Temporal: 4.9

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Denial

of

Service

4512501

Base: 5.4

Temporal: 4.9

Vector:


Yes

CVE-2019-1138 - Chakra Scripting Engine Memory Corruption Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1138

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles

objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that

Moderate Remote Code

Execution










Maximum

Severity

Rating

Vulnerability

Impact

MITRE

NVD

an attacker could execute arbitrary code in the context of the current user. An attacker who

successfully exploited the vulnerability could gain the same user rights as the current user. If the

current user is logged on with administrative user rights, an attacker who successfully exploited

the vulnerability could take control of an affected system. An attacker could then install


In a web-based attack scenario, an attacker could host a specially crafted website that is designed

to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.

The attacker could also take advantage of compromised websites and websites that accept or host

user-provided content or advertisements. These websites could contain specially crafted content

that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine

handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None





Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1138

Product KB


Restart

Required

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Moderate

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Yes





CVE-2019-1138

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1138

for 32-bit

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1138

Version 1709

for x64-based

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1138

Windows 10

Version 1803

for ARM64-

based Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

4512578

Security Critical

Remote

Code

Execution

4511553 Base: 4.2

Temporal: 3.8 Yes










CVE-2019-1138

based) on

Windows 10

Version 1809

for ARM64-

based Systems

Update

Vector:


Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes












CVE-2019-1138

Windows 10

Version 1903

for 32-bit

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

ChakraCore

Release

Notes

Security

Critical

Remote

Code

Execution

4512508 Base: 4.2

Temporal: 3.8 Maybe







https://github.com/Microsoft/ChakraCore/releases/tag/v1.11.13




CVE-2019-1138

Update

Vector:


CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1142

MITRE

NVD

CVE Title: .NET Framework Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when the .NET Framework common language

runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited

this vulnerability could write files to folders that require higher privileges than what the attacker

already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then

specify the targeted folder and trigger an affected process to run.

The update addresses the vulnerability correcting how the .NET Framework CLR process logs

data.

FAQ:

Important Elevation of

Privilege






Maximum

Severity

Rating

Vulnerability

Impact

There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and

Windows Server 2019. How do I know which update I need to install?

The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET

Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to

determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the

security update that includes that second version of .NET Framework.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1142

Product KB Article Severity Impact Supersedence CVSS

Score Set

Restart

Required

Microsoft .NET Framework 4.5.2 on Windows Server 2012

4514598

Security Only

4514603

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(Server Core installation)

4514598

Security Only

4514603

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-

bit systems

4514599

Security Only

4514604

Monthly


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe
















CVE-2019-1142

Rollup

Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


R2

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.5.2 on Windows RT 8.1

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


R2 (Server Core installation)

4514599

Security Only

4514604

Monthly


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

















CVE-2019-1142

Rollup

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

on Windows Server 2012

4514598

Security Only

4514603

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


on Windows Server 2012 (Server Core installation)

4514598

Security Only

4514603

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


on Windows 8.1 for 32-bit systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


on Windows 8.1 for x64-based systems

4514599

Security Only

4514604


Privilege

Base: N/A

Temporal: Maybe





















CVE-2019-1142

Monthly

Rollup

N/A

Vector: N/A


on Windows Server 2012 R2

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


on Windows RT 8.1

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


on Windows Server 2012 R2 (Server Core installation)

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.8 on Windows Server 2012

4514598

Security Only

4514603

Monthly


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


















CVE-2019-1142

Rollup



4514598

Security Only

4514603

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit

systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.8 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


R2

4514599

Security Only

4514604


Privilege

Base: N/A

Temporal: Maybe





















CVE-2019-1142

Monthly

Rollup

N/A

Vector: N/A

Microsoft .NET Framework 4.8 on Windows RT 8.1

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514599

Security Only

4514604

Monthly

Rollup


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


4514354

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.8 on Windows 10 Version


4514354

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514354

Security Important

Elevation of

Privilege

Base: N/A

Temporal: Maybe

















CVE-2019-1142

Update

N/A

Vector: N/A



4514354

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514355

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514355

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514356

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514356

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


















CVE-2019-1142



4514357

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514357

Security

Update


Privilege

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 4.8 on Windows Server,

version 1803 (Server Core Installation)

4516058

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Microsoft .NET Framework 3.5 AND 4.8 on Windows 10

Version 1809 for 32-bit Systems

4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


Version 1809 for x64-based Systems

4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 3.5 AND 4.8 on Windows

Server 2019

4514601

Security Important

Elevation of

Privilege 4512501

Base: N/A

Temporal: Maybe



















CVE-2019-1142

Update

N/A

Vector: N/A


Server 2019 (Server Core installation)

4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514359

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514359

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


Server, version 1903 (Server Core installation)

4514359

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10


4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


















CVE-2019-1142

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10


4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows

Server 2019

4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 3.5 AND 4.7.2 on Windows

Server 2019 (Server Core installation)

4514601

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


4514598

Security Only

4514603

Monthly

Rollup


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514598

Security Only

4514603

Monthly


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe




















CVE-2019-1142

Rollup

Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit

systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft .NET Framework 3.5 on Windows 8.1 for x64-

based systems

4514599

Security Only

4514604

Monthly

Rollup


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


R2

4514599

Security Only

4514604

Monthly

Rollup


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



4514599

Security Only

4514604


Privilege 4512501

Base: N/A

Temporal: Maybe





















CVE-2019-1142

Monthly

Rollup

N/A

Vector: N/A

Microsoft .NET Framework 3.5 on Windows 10 for 32-bit

Systems

4516070

Security

Update


Privilege 4512497

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Microsoft .NET Framework 3.5 on Windows 10 for x64-

based Systems

4516070

Security

Update


Privilege 4512497

Base: N/A

Temporal:

N/A

Vector: N/A

Yes


4516044

Security

Update


Privilege 4512517

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516044

Security

Update


Privilege 4512517

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516044

Security

Update


Privilege 4512517

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



















CVE-2019-1142



4516044

Security

Update


Privilege 4512517

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516068

Security

Update


Privilege 4512507

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516068

Security

Update


Privilege 4512507

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516066

Security

Update


Privilege 4512516

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516066

Security

Update


Privilege 4512516

Base: N/A

Temporal:

N/A

Vector: N/A

Yes



4516058

Security Important

Elevation of

Privilege 4512501

Base: N/A

Temporal: Yes



















CVE-2019-1142

Update

N/A

Vector: N/A



4516058

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

Microsoft .NET Framework 3.5 on Windows Server,

version 1803 (Server Core Installation)

4516058

Security

Update


Privilege 4512501

Base: N/A

Temporal:

N/A

Vector: N/A

Yes

CVE-2019-1208 - VBScript Remote Code Execution Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1208

MITRE

NVD

CVE Title: VBScript Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects

in memory. The vulnerability could corrupt memory in such a way that an attacker could execute

arbitrary code in the context of the current user. An attacker who successfully exploited the


Execution












Maximum

Severity

Rating

Vulnerability

Impact

vulnerability could gain the same user rights as the current user. If the current user is logged on

with administrative user rights, an attacker who successfully exploited the vulnerability could

take control of an affected system. An attacker could then install programs; view, change, or

delete data; or create new accounts with full user rights.


to exploit the vulnerability through Internet Explorer and then convince a user to view the

website. An attacker could also embed an ActiveX control marked "safe for initialization" in an

application or Microsoft Office document that hosts the IE rendering engine. The attacker could

also take advantage of compromised websites and websites that accept or host user-provided

content or advertisements. These websites could contain specially crafted content that could

exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles

objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None



Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1208

Product KB Article Severity Impact Supersedence CVSS Score Set Restart

Required

Internet

Explorer 9

on

Windows

Server

2008 for

32-bit

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes







CVE-2019-1208

Systems

Service

Pack 2

Internet

Explorer 9

on

Windows

Server

2008 for

x64-based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

7 for 32-

bit

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes












CVE-2019-1208

Internet

Explorer

11 on

Windows

7 for x64-

based

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2008 R2

for x64-

based

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872 Base: 6.4

Temporal: 5.8 Yes














CVE-2019-1208

Windows

Server

2012

Vector:


Internet

Explorer

11 on

Windows

8.1 for 32-

bit

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

8.1 for

x64-based

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2012 R2

4516067

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

















CVE-2019-1208

Internet

Explorer

11 on

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 for 32-

bit

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

4516044

Security

Update

Moderate

Remote

Code

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:


Yes











CVE-2019-1208

Server

2016

Internet

Explorer

11 on

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1208

1703 for

32-bit

Systems

Internet

Explorer

11 on

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1709 for

32-bit

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1208

10 Version

1709 for

x64-based

Systems

Internet

Explorer

11 on

Windows

10 Version

1803 for

32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

4516058

Security Critical

Remote

Code

Execution

4512501 Base: 7.5

Temporal: 6.7 Yes










CVE-2019-1208

Windows

10 Version

1803 for

ARM64-

based

Systems

Update

Vector:


Internet

Explorer

11 on

Windows

10 Version

1809 for

32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes









CVE-2019-1208

Internet

Explorer

11 on

Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1709 for

ARM64-

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1208

based

Systems

Internet

Explorer

11 on

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1208

1903 for

ARM64-

based

Systems

Internet

Explorer

10 on

Windows

Server

2012

4516055

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1209

MITRE

NVD

CVE Title: Lync 2013 Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could

read arbitrary files on the victim's machine. Â To exploit the vulnerability, an attacker needs to

Important Information

Disclosure










Maximum

Severity

Rating

Vulnerability

Impact

instantiate a conference and modify the meeting link with malicious content and send the link to

a victim.

The update addresses the vulnerability by changing how the URL is being resolved.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this

vulnerability is unauthorized file system access - reading from the file system.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1209

Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required

Microsoft Lync Server 2013 4515509 Security Update

Important Information Disclosure

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1214 - Windows Common Log File System Driver Elevation of

Privilege Vulnerability

CVE ID Vulnerability Description Maximum

Severity Rating

Vulnerability

Impact

CVE-

2019-

1214

MITRE

NVD

CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Description: Important

Elevation of

Privilege

https://www.microsoft.com/download/details.aspx?familyid=dac7c777-fe8a-45a2-9a82-07a2e15c298f





Severity Rating

Vulnerability

Impact

An elevation of privilege vulnerability exists when the Windows Common Log File System

(CLFS) driver improperly handles objects in memory. An attacker who successfully exploited

this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a

specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in

memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


https://technet.microsoft.com/library/security/dn848375.aspx#CLFS

https://technet.microsoft.com/library/security/dn848375.aspx#CLFS


Affected Software


CVE-2019-1214

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes














CVE-2019-1214

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

4516033

Security

Only

4516065

Monthly

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1214

Service Pack

1

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1214

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1214

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1214

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Elevation

of

Privilege

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1214

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1214

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1214

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1214

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1214

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

CVE-2019-1215 - Windows Elevation of Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1215

MITRE

NVD

CVE Title: Windows Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles

objects in memory. An attacker who successfully exploited the vulnerability could execute

code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted

application.


Privilege











Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles

objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1215

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1215

Core

installation)

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1215

Core

installation)

Only

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1215

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1215

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1215

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1215

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1215

for x64-based

Systems

Update

Vector:


Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

4515384

Security Important

Elevation

of

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1215

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1215

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1216 - DirectX Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1216

MITRE

NVD

CVE Title: DirectX Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectX improperly handles objects in

memory. An attacker who successfully exploited this vulnerability could obtain information to

further compromise the userâ€™s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted

application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

FAQ:



vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel

memory from a user mode process.

Mitigations:


Disclosure





Severity Rating

Vulnerability

Impact

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1216

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly


Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

Yes







CVE-2019-1216

Rollup

Windows 7

for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

4516033

Security

Only

4516065

Monthly


Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:


Yes




















CVE-2019-1216

Systems

Service Pack

1

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security


Disclosure 4512518

Base: 5.5

Temporal: 5.1

Vector:


Yes




















CVE-2019-1216

Only

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:


Yes





















CVE-2019-1216

Windows

RT 8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:


Yes

















CVE-2019-1216

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5.1

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5.1

Vector:


Yes



















Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1217

MITRE

NVD


Description:
















Execution





Maximum

Severity

Rating

Vulnerability

Impact

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1217

Product KB


Restart

Required


CVE-2019-1217

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1217

for ARM64-

based Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1217

Version 1809

for ARM64-

based Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1217

for x64-based

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

ChakraCore

Release

Notes

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Maybe









CVE-2019-1219 - Windows Transaction Manager Information Disclosure

Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1219

MITRE

NVD

CVE Title: Windows Transaction Manager Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when the Windows Transaction Manager

improperly handles objects in memory. An attacker who successfully exploited this

vulnerability could potentially read data that was not intended to be disclosed.


specially crafted application.

The security update addresses the vulnerability by correcting how the Transaction Manager


FAQ:



vulnerability is uninitialized memory.


Disclosure





Severity Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1219

Product KB


Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




CVE-2019-1219

Systems

Service Pack

1

Only

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Windows 7

for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1219

R2 for

Itanium-

Based

Systems

Service Pack

1

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1219

Rollup

4516062

Security

Only

Vector:


Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes






















CVE-2019-1219

Monthly

Rollup

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

RT 8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes
















CVE-2019-1219

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes



















CVE-2019-1219

(Server Core

installation)

Update

Vector:


Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

















CVE-2019-1219

1803 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes















CVE-2019-1219

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

















CVE-2019-1219

based

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes














CVE-2019-1219

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for x64-

based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes






















CVE-2019-1219

for x64-

based

Systems

Service Pack

2 (Server

Core

installation)

Rollup

4516051

Security

Only

Vector:


CVE-2019-1220 - Microsoft Browser Security Feature Bypass Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1220

MITRE

NVD

CVE Title: Microsoft Browser Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the

correct Security Zone of requests for specific URLs. This could allow an attacker to cause a

user to access a URL in a less restricted Internet Security Zone than intended.

To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted

URL to a victim and convince them to click on it.

Important Security Feature

Bypass









Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting security feature behavior to

properly map affected URLs to the correct Security Zone.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1220


Required

Internet

Explorer 9 on

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Yes

Internet

Explorer 9 on

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:


Yes

Internet

Explorer 11

on Windows

7 for 32-bit

Systems

4516065

Monthly

Rollup

4516046

IE

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Yes



















CVE-2019-1220

Service Pack

1

Cumulative

Internet

Explorer 11

on Windows

7 for x64-

based

Systems

Service Pack

1

4516065

Monthly

Rollup

4516046

IE

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516065

Monthly

Rollup

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:


Yes

Internet

Explorer 11

on Windows

Server 2012

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:


Yes


















CVE-2019-1220

Internet

Explorer 11

on Windows

8.1 for 32-bit

systems

4516067

Monthly

Rollup

4516046

IE

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

8.1 for x64-

based

systems

4516067

Monthly

Rollup

4516046

IE

Cumulative

Important

Security

Feature

Bypass

4511872

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

Server 2012

R2

4516067

Monthly

Rollup

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:


Yes




















CVE-2019-1220

Internet

Explorer 11

on Windows

RT 8.1

4516067

Monthly

Rollup

Important

Security

Feature

Bypass

4512488

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 for 32-bit

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 for x64-

based

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

Server 2016

4516044

Security

Update

Low

Security

Feature

Bypass

4512517

Base: 2.4

Temporal: 2.2

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:


Yes














CVE-2019-1220

1607 for 32-

bit Systems

Internet

Explorer 11

on Windows

10 Version

1607 for x64-

based

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1703 for 32-

bit Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1703 for x64-

based

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

Internet

Explorer 11

on Windows

10 Version

1709 for 32-

bit Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1709 for x64-

based

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1803 for 32-

bit Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes














CVE-2019-1220

1803 for x64-

based

Systems

Internet

Explorer 11

on Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1809 for 32-

bit Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1809 for x64-

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

based

Systems

Internet

Explorer 11

on Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

Server 2019

4512578

Security

Update

Low

Security

Feature

Bypass

4511553

Base: 2.4

Temporal: 2.2

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1709 for

ARM64-

based

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

Internet

Explorer 11

on Windows

10 Version

1903 for 32-

bit Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1903 for x64-

based

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes

Internet

Explorer 11

on Windows

10 Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

Internet

Explorer 10

on Windows

Server 2012

4516055

Monthly

Rollup

4516046

IE

Cumulative

Low

Security

Feature

Bypass

4511872

Base: 2.4

Temporal: 2.2

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Security

Feature

Bypass

4512497

Base: 4.3

Temporal: 3.9

Vector:


Yes














CVE-2019-1220

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Low

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Security

Feature

Bypass

4512517

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Security

Feature

Bypass

4512507

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

for 32-bit

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Security

Feature

Bypass

4512516

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes











CVE-2019-1220

Version 1803

for x64-based

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Security

Feature

Bypass

4512501

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

4512578

Security Important

Security

Feature

Bypass

4511553 Base: 4.3

Temporal: 3.9 Yes










CVE-2019-1220

based) on

Windows 10

Version 1809

for x64-based

Systems

Update

Vector:


Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Low

Security

Feature

Bypass

4511553

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

4516066

Security Important

Security

Feature

Bypass

4512516 Base: 4.3

Temporal: 3.9 Yes











CVE-2019-1220

based) on

Windows 10

Version 1709

for ARM64-

based

Systems

Update

Vector:


Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes









CVE-2019-1220

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Security

Feature

Bypass

4512508

Base: 4.3

Temporal: 3.9

Vector:


Yes

CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1221

MITRE

NVD

CVE Title: Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects

in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an

attacker could execute arbitrary code in the context of the current user. An attacker who



Execution








Maximum

Severity

Rating

Vulnerability

Impact












objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None



Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1221


Required

Internet

Explorer

11 on

Windows

7 for 32-

bit

Systems

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes







CVE-2019-1221

Service

Pack 1

Internet

Explorer

11 on

Windows

7 for x64-

based

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2008 R2

for x64-

based

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes












CVE-2019-1221

Internet

Explorer

11 on

Windows

Server

2012

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

8.1 for 32-

bit

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

8.1 for

x64-based

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

4516067

Monthly

Rollup

Moderate

Remote

Code

Execution

4511872 Base: 6.4

Temporal: 5.8 Yes

















CVE-2019-1221

Windows

Server

2012 R2

4516046 IE

Cumulative

Vector:


Internet

Explorer

11 on

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 for 32-

bit

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes










CVE-2019-1221

Internet

Explorer

11 on

Windows

Server

2016

4516044

Security

Update

Moderate

Remote

Code

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1221

Internet

Explorer

11 on

Windows

10 Version

1703 for

32-bit

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1709 for

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1221

32-bit

Systems

Internet

Explorer

11 on

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1803 for

32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1221

1803 for

x64-based

Systems

Internet

Explorer

11 on

Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1809 for

32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

4512578

Security Critical

Remote

Code

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes










CVE-2019-1221

Windows

10 Version

1809 for

x64-based

Systems

Update

Vector:


Internet

Explorer

11 on

Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

4516066

Security Critical

Remote

Code

Execution

4512516 Base: 7.5

Temporal: 6.7 Yes











CVE-2019-1221

Windows

10 Version

1709 for

ARM64-

based

Systems

Update

Vector:


Internet

Explorer

11 on

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes









CVE-2019-1221

Internet

Explorer

11 on

Windows

10 Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1231

MITRE

NVD

CVE Title: Rome SDK Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS

certificate validation. This vulnerability allows an unauthenticated attacker to establish

connection with an invalid SSL/TLS server certificate.

To exploit this, an attacker would have to Man-In-The-Middle to intercept an established

connection.


Disclosure








Severity Rating

Vulnerability

Impact

This security update addresses the issue by handling server SSL/TLS certificate validation

correctly.

FAQ:

What versions of the Project Rome SDK are affected by this vulnerability?

Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not have

the vulnerability.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1231


Rome SDK 1.4.1 Release Notes Security Update

Important Information Disclosure

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation of

Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1232

MITRE

NVD

CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability


Elevation of

Privilege

https://bintray.com/connecteddevices/maven/com.microsoft.connecteddevices:connecteddevices-sdk/1.4.1





Severity Rating

Vulnerability

Impact

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector

Service improperly impersonates certain file operations. An attacker who successfully

exploited this vulnerability could gain elevated privileges.

An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.

The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard

Collector Service properly impersonates file operations.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1232

Product KB


Restart

Required

Microsoft

Visual Studio

2015 Update

3

4513696

Security

Update

Important

Elevation

of

Privilege

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

https://aka.ms/vs/14/release/4513696













CVE-2019-1232

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Elevation

of

Privilege

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1232

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1232

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1232

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Microsoft

Visual Studio

2017 version

15.9

Release

Notes

Security

Update

Important

Elevation

of

Privilege

4512516

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes




http://aka.ms/vs/15/release/latest














CVE-2019-1232

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Microsoft

Visual Studio

2017 version

15.0

Release

Notes

Security

Update

Important

Elevation

of

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Visual Studio

2019 version

16.0

Release

Notes

Security

Update

Important

Elevation

of

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Visual Studio

2019 version

16.2

Release

Notes

Security

Update

Important

Elevation

of

Privilege

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Maybe




https://my.visualstudio.com/Downloads?q=Visual%20Studio%202017%20version%2015.0








https://aka.ms/vs/16/release/latest





CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1233

MITRE

NVD

CVE Title: Microsoft Exchange Denial of Service Vulnerability

Description:

A denial of service vulnerability exists in Microsoft Exchange Server software when the

software fails to properly handle objects in memory. An attacker who successfully exploited the

vulnerability could cause a remote denial of service against a system.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable

Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange Server


FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Important Denial of

Service





Severity Rating

Vulnerability

Impact


Affected Software


CVE-2019-1233


Set

Restart

Required

Microsoft Exchange Server 2016 Cumulative

Update 12

4515832 Security

Update

Important Denial of

Service 4509409

Base: N/A

Temporal: N/A

Vector: N/A

Maybe


Update 1

4515832 Security

Update

Important Denial of

Service 4509408

Base: N/A

Temporal: N/A

Vector: N/A

Maybe


Update 2

4515832 Security

Update

Important Denial of

Service 4509408

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

https://www.microsoft.com/download/details.aspx?familyid=61a3f515-0eb8-4199-bf76-1fdf49036dfc


https://www.microsoft.com/download/details.aspx?familyid=9679426b-c00f-48e3-b6a0-f76e31f03108


https://www.microsoft.com/download/details.aspx?familyid=002926f8-2be9-4201-9ebf-c970c98cd2de



CVE-2019-1233


Update 13

4515832 Security

Update

Important Denial of

Service 4509409

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1235 - Windows Text Service Framework Elevation of Privilege

Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1235

MITRE

NVD

CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when

the TSF server process does not validate the source of input or commands it receives. An attacker

who successfully exploited this vulnerability could inject commands or read input sent through a

malicious Input Method Editor (IME). This only affects systems that have installed an IME.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker

could then run a specially crafted application that could exploit the vulnerability and take control

of an affected system.


Privilege

https://www.microsoft.com/download/details.aspx?familyid=e3d8eb03-12d6-4b9d-9c2c-85521ab55493






Maximum

Severity

Rating

Vulnerability

Impact

The security update addresses this vulnerability by correcting how the TSF server and client

validate input from each other.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1235

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1235

Core

installation)

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1235

Core

installation)

Only

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1235

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1235

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1235

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1235

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1235

for x64-based

Systems

Update

Vector:


Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

4515384

Security Important

Elevation

of

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1235

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1235

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1236 - VBScript Remote Code Execution Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1236

MITRE

NVD

CVE Title: VBScript Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects

in memory. The vulnerability could corrupt memory in such a way that an attacker could execute

arbitrary code in the context of the current user. An attacker who successfully exploited the

vulnerability could gain the same user rights as the current user. If the current user is logged on

with administrative user rights, an attacker who successfully exploited the vulnerability could

take control of an affected system. An attacker could then install programs; view, change, or










Execution





Maximum

Severity

Rating

Vulnerability

Impact


objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1236


Required

Internet

Explorer 9

on

Windows

Server

2008 for

32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer 9

on

Windows

Server

2008 for

x64-based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes












CVE-2019-1236

Internet

Explorer

11 on

Windows

7 for 32-

bit

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

7 for x64-

based

Systems

Service

Pack 1

4516065

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

4516065

Monthly

Rollup

4516046 IE

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes
















CVE-2019-1236

2008 R2

for x64-

based

Systems

Service

Pack 1

Cumulative

Internet

Explorer

11 on

Windows

Server

2012

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

8.1 for 32-

bit

systems

4516067

Monthly

Rollup

4516046 IE

Cumulative

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

4516067

Monthly

Rollup

4516046 IE

Critical

Remote

Code

Execution

4511872

Base: 7.5

Temporal: 6.7

Vector:


Yes














CVE-2019-1236

8.1 for

x64-based

systems

Cumulative

Internet

Explorer

11 on

Windows

Server

2012 R2

4516067

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

RT 8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 for 32-

bit

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1236

Internet

Explorer

11 on

Windows

10 for

x64-based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

Server

2016

4516044

Security

Update

Moderate

Remote

Code

Execution

4512517

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1236

Internet

Explorer

11 on

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1703 for

32-bit

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1703 for

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1236

x64-based

Systems

Internet

Explorer

11 on

Windows

10 Version

1709 for

32-bit

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1236

1803 for

32-bit

Systems

Internet

Explorer

11 on

Windows

10 Version

1803 for

x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

4512578

Security Critical

Remote

Code

Execution

4511553 Base: 7.5

Temporal: 6.7 Yes










CVE-2019-1236

Windows

10 Version

1809 for

32-bit

Systems

Update

Vector:


Internet

Explorer

11 on

Windows

10 Version

1809 for

x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.5

Temporal: 6.7

Vector:


Yes









CVE-2019-1236

Internet

Explorer

11 on

Windows

Server

2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 6.4

Temporal: 5.8

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1709 for

ARM64-

based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes











CVE-2019-1236

Internet

Explorer

11 on

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

11 on

Windows

10 Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.5

Temporal: 6.7

Vector:


Yes

Internet

Explorer

10 on

Windows

Server

2012

4516055

Monthly

Rollup

4516046 IE

Cumulative

Moderate

Remote

Code

Execution

4511872

Base: 6.4

Temporal: 5.8

Vector:


Yes















Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1237

MITRE

NVD


Description:
















Execution





Maximum

Severity

Rating

Vulnerability

Impact

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1237

Product KB


Restart

Required


CVE-2019-1237

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2016

4516044

Security

Update

Moderate

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

for 32-bit

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

Version 1803

for x64-based

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

Windows 10

Version 1809

for x64-based

Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows

Server 2019

4512578

Security

Update

Moderate

Remote

Code

Execution

4511553

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

Version 1709

for ARM64-

based Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes

Microsoft

Edge

(EdgeHTML-

based) on

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Yes











CVE-2019-1237

Windows 10

Version 1903

for ARM64-

based Systems

ChakraCore

Release

Notes

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:


Maybe

CVE-2019-1240 - Jet Database Engine Remote Code Execution Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1240

MITRE

NVD

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine


vulnerability could execute arbitrary code on a victim system.

Important Remote Code

Execution









Severity Rating

Vulnerability

Impact

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted

file.

The update addresses the vulnerability by correcting the way the Windows Jet Database

Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1240

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes














CVE-2019-1240

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1240

Service Pack

1

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1240

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1240

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1240

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Remote

Code

Execution

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1240

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: N/A

Temporal: N/A

Vector: N/A

Yes


















CVE-2019-1240

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1240

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: N/A

Temporal: N/A

Vector: N/A

Yes

















CVE-2019-1240

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1240

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



Severity Rating

Vulnerability

Impact

CVE-

2019-1241

MITRE

NVD


Description:





file.


Execution











Severity Rating

Vulnerability

Impact



FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1241

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes














CVE-2019-1241

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1241

Service Pack

1

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1241

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1241

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1241

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Remote

Code

Execution

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1241

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1241

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1241

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1241

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1241

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



Severity Rating

Vulnerability

Impact

CVE-

2019-1242

MITRE

NVD


Description:





file.


Execution











Severity Rating

Vulnerability

Impact



FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1242

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes














CVE-2019-1242

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1242

Service Pack

1

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1242

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1242

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1242

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Remote

Code

Execution

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1242

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1242

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1242

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1242

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1242

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



Severity Rating

Vulnerability

Impact

CVE-

2019-1243

MITRE

NVD


Description:





file.


Execution











Severity Rating

Vulnerability

Impact



FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1243

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes














CVE-2019-1243

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1243

Service Pack

1

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1243

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1243

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1243

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

4516066

Security Important

Remote

Code

Execution

4512516 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1243

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1243

based

Systems

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1243

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1243

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1243

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1244

MITRE

NVD

CVE Title: DirectWrite Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectWrite improperly discloses the

contents of its memory. An attacker who successfully exploited the vulnerability could obtain

information to further compromise the userâ€™s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a

user to open a specially crafted document, or by convincing a user to visit an untrusted

webpage.


Disclosure











Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting how DirectWrite handles objects

in memory.

FAQ:




Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1244

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Yes

Windows 7

for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 6.5

Temporal: 5.9 Yes
















CVE-2019-1244

R2 for x64-

based

Systems

Service

Pack 1

(Server

Core

installation)

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes


















CVE-2019-1244

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

(Server

Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:


Yes




















CVE-2019-1244

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

RT 8.1

4516067

Monthly Important

Information

Disclosure 4512488

Base: 6.5

Temporal: 5.9 Yes




















CVE-2019-1244

Rollup

Vector:


Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

4516044

Security Important

Information

Disclosure 4512517

Base: 6.5

Temporal: 5.9 Yes



















CVE-2019-1244

1607 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

(Server

Core

installation)

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

4516066

Security Important

Information

Disclosure 4512516

Base: 6.5

Temporal: 5.9 Yes

















CVE-2019-1244

1709 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1803 for 32-

bit Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server,

version

1803

(Server

Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes















CVE-2019-1244

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2019

4512578

Security Important

Information

Disclosure 4511553

Base: 6.5

Temporal: 5.9 Yes
















CVE-2019-1244

Update

Vector:


Windows

Server 2019

(Server

Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1709 for

ARM64-

based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes















CVE-2019-1244

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server,

version

1903

(Server

Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for 32-bit

4516026

Monthly

Rollup


Disclosure 4512476

Base: 6.5

Temporal: 5.9 Yes

















CVE-2019-1244

Systems

Service

Pack 2

4516051

Security

Only

Vector:


Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes



















Severity Rating

Vulnerability

Impact

CVE-

2019-1245

MITRE

NVD


Description:






webpage.


in memory.

FAQ:





Disclosure





Severity Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1245

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

4516033

Security

Only

4516065


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes






CVE-2019-1245

Service

Pack 1

Monthly

Rollup

Windows 7

for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service

Pack 1

(Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

R2 for

4516033

Security

Only


Disclosure 4512506

Base: 6.5

Temporal: 5.9 Yes



















CVE-2019-1245

Itanium-

Based

Systems

Service

Pack 1

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 6.5

Temporal: 5.9 Yes



















CVE-2019-1245

Rollup

4516062

Security

Only

Vector:


Windows

Server 2012

(Server

Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes






















CVE-2019-1245

Monthly

Rollup

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

RT 8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes
















CVE-2019-1245

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 6.5

Temporal: 5.9 Yes



















CVE-2019-1245

(Server

Core

installation)

Update

Vector:


Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 6.5

Temporal: 5.9 Yes

















CVE-2019-1245

1803 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server,

version

1803

(Server

Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

4512578

Security Important

Information

Disclosure 4511553

Base: 6.5

Temporal: 5.9 Yes














CVE-2019-1245

1809 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2019

(Server

Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes















CVE-2019-1245

Windows 10

Version

1709 for

ARM64-

based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server,

4515384

Security Important

Information

Disclosure 4512508

Base: 6.5

Temporal: 5.9 Yes
















CVE-2019-1245

version

1903

(Server

Core

installation)

Update

Vector:


Windows

Server 2008

for Itanium-

Based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for x64-

based

4516026

Monthly

Rollup

4516051


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes



















CVE-2019-1245

Systems

Service

Pack 2

Security

Only

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes



Severity Rating

Vulnerability

Impact

CVE-

2019-1246



Remote Code

Execution











Severity Rating

Vulnerability

Impact

MITRE

NVD





file.



FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00






Severity Rating

Vulnerability

Impact

Affected Software


CVE-2019-1246

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes













CVE-2019-1246

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

4516033

Security

Only

4516065

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1246

Systems

Service Pack

1

Monthly

Rollup

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1246

Only

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1246

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Microsoft

Office 2010

Service Pack

2 (32-bit

editions)

4475599

Security

Update

Important

Remote

Code

Execution

4475506

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Office 2010

Service Pack

2 (64-bit

editions)

4475599

Security

Update

Important

Remote

Code

Execution

4475506

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

https://www.microsoft.com/download/details.aspx?familyid=e3773d61-ae15-4e05-aada-e3470a5a2b48



https://www.microsoft.com/download/details.aspx?familyid=628ce922-5874-4917-8f14-3d21a0418efb










CVE-2019-1246

Microsoft

Office 2013

Service Pack

1 (32-bit

editions)

4475611

Security

Update

Important

Remote

Code

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Office 2013

Service Pack

1 (64-bit

editions)

4475611

Security

Update

Important

Remote

Code

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Office 2013

RT Service

Pack 1

4475611

Security

Update

Important

Remote

Code

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

https://www.microsoft.com/download/details.aspx?familyid=e30be103-9126-4a68-b60e-e5aec6ec6014



https://www.microsoft.com/download/details.aspx?familyid=d01dbaa7-d8e3-4a37-915f-78863fc9d68a










CVE-2019-1246

Microsoft

Office 2016

(32-bit

edition)

4475591

Security

Update

Important

Remote

Code

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Office 2016

(64-bit

edition)

4475591

Security

Update

Important

Remote

Code

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Remote

Code

Execution

4512517 Base: 7.8

Temporal: 7 Yes

https://www.microsoft.com/download/details.aspx?familyid=9881d928-9ffa-4da7-a295-5fc6f4402ec1



https://www.microsoft.com/download/details.aspx?familyid=846b202d-52f0-4716-b743-7445290cb9a2















CVE-2019-1246

(Server Core

installation)

Update

Vector:


Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1246

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1246

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Microsoft

Office 2019

for 32-bit

editions

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Microsoft

Office 2019

for 64-bit

editions

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No











CVE-2019-1246

Office 365

ProPlus for

32-bit

Systems

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Office 365

ProPlus for

64-bit

Systems

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes











CVE-2019-1246

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1246

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

















Severity Rating

Vulnerability

Impact

CVE-

2019-1247

MITRE

NVD


Description:





file.



FAQ:



Mitigations:

None


Execution





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1247

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes







CVE-2019-1247

Rollup

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1247

Systems

Service Pack

1

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1247

Only

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1247

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1247

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Remote

Code

Execution

4512507 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1247

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1247

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1247

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1247

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1247

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

















Severity Rating

Vulnerability

Impact

CVE-

2019-1248

MITRE

NVD


Description:





file.



FAQ:



Mitigations:

None


Execution





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1248

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes







CVE-2019-1248

Rollup

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1248

Systems

Service Pack

1

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1248

Only

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1248

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1248

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Remote

Code

Execution

4512507 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1248

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1248

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1248

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1248

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1248

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

















Severity Rating

Vulnerability

Impact

CVE-

2019-1249

MITRE

NVD


Description:





file.



FAQ:



Mitigations:

None


Execution





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1249

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes







CVE-2019-1249

Rollup

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1249

Systems

Service Pack

1

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1249

Only

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1249

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1249

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Remote

Code

Execution

4512507 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1249

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1249

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1249

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1249

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1249

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

















Severity Rating

Vulnerability

Impact

CVE-

2019-1250

MITRE

NVD


Description:





file.



FAQ:



Mitigations:

None


Execution





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1250

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes







CVE-2019-1250

Rollup

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

4516033

Security

Only

4516065

Monthly

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1250

Systems

Service Pack

1

Rollup

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Remote

Code

Execution

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1250

Only

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Remote

Code

Execution

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1250

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Remote

Code

Execution

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1250

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Remote

Code

Execution

4512507 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1250

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1250

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1250

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1250

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1250

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

















Severity Rating

Vulnerability

Impact

CVE-

2019-1251

MITRE

NVD


Description:






webpage.


in memory.

FAQ:



vulnerability is memory layout - the vulnerability allows an attacker to collect information that

facilitates predicting addressing of the memory.


Disclosure





Severity Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1251

Product KB


Restart

Required

Windows 10

Version

4516068

Security Important

Information

Disclosure 4512507

Base: 5.5

Temporal: 5 Yes




CVE-2019-1251

1703 for 32-

bit Systems

Update

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for 32-

bit Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

















CVE-2019-1251

x64-based

Systems

Update

Vector:


Windows

Server,

version

1803

(Server

Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes















CVE-2019-1251

x64-based

Systems

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

(Server

Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

ARM64-

based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes














CVE-2019-1251

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version

1903

(Server

Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes














CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1252

MITRE

NVD

CVE Title: Windows GDI Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when the Windows GDI component improperly

discloses the contents of its memory. An attacker who successfully exploited the vulnerability

could obtain information to further compromise the userâ€™s system.



webpage.

The security update addresses the vulnerability by correcting how the Windows GDI

component handles objects in memory.

FAQ:



vulnerability is memory layout - the vulnerability allows an attacker to collect information that

facilitates predicting addressing of the memory.


Disclosure





Severity Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1252

Product KB


Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




CVE-2019-1252

Systems

Service

Pack 1

Only

4516065

Monthly

Rollup

Vector:


Windows 7

for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service

Pack 1

(Server Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1252

R2 for

Itanium-

Based

Systems

Service

Pack 1

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1252

Rollup

4516062

Security

Only

Vector:


Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes






















CVE-2019-1252

Monthly

Rollup

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

RT 8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes
















CVE-2019-1252

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes



















CVE-2019-1252

(Server Core

installation)

Update

Vector:


Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

















CVE-2019-1252

1803 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version

1803

(Server Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes















CVE-2019-1252

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

















CVE-2019-1252

based

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version

1903

(Server Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes














CVE-2019-1252

Windows

Server 2008

for Itanium-

Based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes






















CVE-2019-1252

for x64-

based

Systems

Service

Pack 2

(Server Core

installation)

Rollup

4516051

Security

Only

Vector:




Severity Rating

Vulnerability

Impact

CVE-2019-

1253

MITRE

NVD


Description:

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server

improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim

system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment

Server handles junctions.


Privilege









Severity Rating

Vulnerability

Impact

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1253

Product KB


Restart

Required


CVE-2019-1253

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1253

for x64-based

Systems

Update

Vector:


Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1253

based

Systems

Update

Vector:


Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1253

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

CVE-2019-1254 - Windows Hyper-V Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1254

MITRE

NVD

CVE Title: Windows Hyper-V Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized

memory to disk. An attacker could exploit the vulnerability by reading a file to recover

kernel memory.


Disclosure











Severity Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker would first require access to a Hyper-V host.

The security update addresses the vulnerability by ensuring Hyper-V properly initializes

memory before writing it to disk.

FAQ:




Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1254

Product KB


Restart

Required

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

(Server

Core

installation)

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

4516068

Security Important

Information

Disclosure 4512507

Base: 5.5

Temporal: 5 Yes













CVE-2019-1254

1703 for

x64-based

Systems

Update

Vector:


Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version

1803

(Server

Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for

4512578

Security Important

Information

Disclosure 4511553

Base: 5.5

Temporal: 5 Yes














CVE-2019-1254

x64-based

Systems

Update

Vector:


Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

(Server

Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version

1903

(Server

Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes















CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1256

MITRE

NVD

CVE Title: Win32k Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to

properly handle objects in memory. An attacker who successfully exploited this vulnerability

could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or





The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None


Privilege





Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1256

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes








CVE-2019-1256

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1256

Service Pack

1

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1256

Only

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes





















CVE-2019-1256

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1256

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Elevation

of

Privilege

4512507 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1256

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1256

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1256

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1256

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes



















CVE-2019-1256

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes















CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1257

MITRE

NVD

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to

check the source markup of an application package. An attacker who successfully exploited the

vulnerability could run arbitrary code in the context of the SharePoint application pool and the

SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint

application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source

markup of application packages.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Execution





Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1257


Set

Restart

Required

Microsoft SharePoint Foundation 2010

Service Pack 2

4475605 Security

Update


Execution 4475575

Base: N/A

Temporal: Maybe

https://www.microsoft.com/download/details.aspx?familyid=4a802112-cbf1-4cb9-9f4d-a3aa1a5ba7b2



CVE-2019-1257

N/A

Vector: N/A


Service Pack 1

4484098 Security

Update


Execution 4475565

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft SharePoint Enterprise Server

2016

4475590 Security

Update


Execution 4475549

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft SharePoint Server 2019

4475596 Security

Update


Execution 4475555

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1259

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description: Moderate Spoofing

https://www.microsoft.com/download/details.aspx?familyid=10362533-7c43-46ff-bb5d-e7519533e73e


https://www.microsoft.com/download/details.aspx?familyid=7d91d11b-6c09-4f22-802b-bd4e8e7a6ea2


https://www.microsoft.com/download/details.aspx?familyid=ac9ab481-f6e6-4a9a-bd3b-226e9a604e6c




Severity Rating

Vulnerability

Impact

MITRE

NVD

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests

to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to

cause a cross-site request. The attacker would then need to convince a targeted user to click a

link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server

properly sanitizes user web requests.

FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00






Severity Rating

Vulnerability

Impact

Affected Software


CVE-2019-1259


Set

Restart

Required

Microsoft SharePoint Foundation 2013 Service

Pack 1

4484098 Security

Update

Moderate Spoofing 4475565

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1260

CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability


Elevation of

Privilege





Severity Rating

Vulnerability

Impact

MITRE

NVD

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who

successfully exploited this vulnerability could attempt to impersonate another user of the

SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request

to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint

sanitizes user input.

FAQ:



There are multiple update packages available for some of the affected software. Do I

need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems.

If multiple updates apply, they can be installed in any order.

Mitigations:





Severity Rating

Vulnerability

Impact

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1260


Set

Restart

Required


Service Pack 2

4475605 Security

Update


Privilege 4475575

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe




CVE-2019-1260


Service Pack 1

4484098 Security

Update

4484099 Security

Update


Privilege 4475565

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft SharePoint Enterprise Server

2016

4475590 Security

Update

4475594 Security

Update


Privilege 4475549

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


4464557 Security

Update

4475596 Security

Update


Privilege 4475555

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe



https://www.microsoft.com/download/details.aspx?familyid=23dc8752-1dbb-4ff0-b1ad-919af60ac8c1

https://www.microsoft.com/download/details.aspx?familyid=23dc8752-1dbb-4ff0-b1ad-919af60ac8c1



https://www.microsoft.com/download/details.aspx?familyid=43679f4f-1d20-46d4-a01d-090f86db8e3a

https://www.microsoft.com/download/details.aspx?familyid=43679f4f-1d20-46d4-a01d-090f86db8e3a

https://www.microsoft.com/downloads/details.aspx?familyid=a1171fff-8b10-48ef-9e58-58955d828e20

https://www.microsoft.com/downloads/details.aspx?familyid=a1171fff-8b10-48ef-9e58-58955d828e20




CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1261

MITRE

NVD

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description:

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests

to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to

cause a cross-site request. The attacker would then need to convince a targeted user to click a

link to the malicious page.


properly sanitizes user web requests.

FAQ:



Mitigations:

None

Important Spoofing





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1261


Set

Restart

Required


Pack 1

4484098 Security

Update

Important Spoofing 4475565

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft SharePoint Enterprise Server 2016

4475590 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe






CVE-2019-1261


4475596 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1262

MITRE

NVD

CVE Title: Microsoft Office SharePoint XSS Vulnerability

Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not

properly sanitize a specially crafted web request to an affected SharePoint server. An

authenticated attacker could exploit the vulnerability by sending a specially crafted request to an

affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting

attacks on affected systems and run script in the security context of the current user. The attacks

could allow the attacker to read content that the attacker is not authorized to read, use the victim's

identity to take actions on the SharePoint site on behalf of the user, such as change permissions

and delete content, and inject malicious content in the browser of the user.

Important Spoofing







Maximum

Severity

Rating

Vulnerability

Impact


properly sanitizes web requests.

FAQ:



Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1262


Set

Restart

Required


Pack 1

4484098 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe

CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1263

MITRE

NVD

CVE Title: Microsoft Excel Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the

contents of its memory. An attacker who exploited the vulnerability could use the information

to compromise the userâ€™s computer or data.


Disclosure







Severity Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker could craft a special document file and then convince

the user to open it. An attacker must know the memory address location where the object was

created.

The update addresses the vulnerability by changing the way certain Excel functions handle

objects in memory.

FAQ:






Mitigations:

None

Workarounds:

None



Severity Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1263


Set

Restart

Required

Microsoft Excel 2010 Service Pack 2

(32-bit editions)

4475574 Security

Update


Disclosure 4464572

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4475574 Security

Update


Disclosure 4464572

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

https://www.microsoft.com/download/details.aspx?familyid=72b12656-3b12-4114-b6c4-a67612568262

https://www.microsoft.com/download/details.aspx?familyid=72b12656-3b12-4114-b6c4-a67612568262

https://www.microsoft.com/download/details.aspx?familyid=d1c9fd5a-a0b4-40f8-8bc7-12d88e543b25

https://www.microsoft.com/download/details.aspx?familyid=d1c9fd5a-a0b4-40f8-8bc7-12d88e543b25


CVE-2019-1263


(32-bit editions)

4475566 Security

Update


Disclosure 4464565

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4475566 Security

Update


Disclosure 4464565

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Excel 2013 RT Service Pack

1

4475566 Security

Update


Disclosure 4464565

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Office 2016 for Mac

Release Notes Security

Update


Disclosure 4464565

Base: N/A

Temporal:

N/A

Vector: N/A

No

Microsoft Excel 2016 (32-bit edition)

4475579 Security

Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Excel 2016 (64-bit edition)

4475579 Security

Update


Disclosure 4475513

Base: N/A

Temporal: Maybe

https://www.microsoft.com/download/details.aspx?familyid=46b94ad8-1a00-45d3-95fd-6b398f4ce94e

https://www.microsoft.com/download/details.aspx?familyid=46b94ad8-1a00-45d3-95fd-6b398f4ce94e

https://www.microsoft.com/download/details.aspx?familyid=24b2ce6d-b1be-46a2-89db-e1e7a81903c8

https://www.microsoft.com/download/details.aspx?familyid=24b2ce6d-b1be-46a2-89db-e1e7a81903c8

https://go.microsoft.com/fwlink/p/?linkid=831049


https://www.microsoft.com/download/details.aspx?familyid=51e2ed83-2fee-41d4-86f1-2b720f6159f7

https://www.microsoft.com/download/details.aspx?familyid=51e2ed83-2fee-41d4-86f1-2b720f6159f7

https://www.microsoft.com/download/details.aspx?familyid=2297d8da-f7e4-4feb-b523-4de02d5cd465

https://www.microsoft.com/download/details.aspx?familyid=2297d8da-f7e4-4feb-b523-4de02d5cd465


CVE-2019-1263

N/A

Vector: N/A

Microsoft Office 2019 for 32-bit

editions

Click to Run Security

Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

No

Microsoft Office 2019 for 64-bit

editions


Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

No

Microsoft Office 2019 for Mac

Release Notes Security

Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

No

Office 365 ProPlus for 32-bit Systems


Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

No



Update


Disclosure 4475513

Base: N/A

Temporal:

N/A

Vector: N/A

No




CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1264

MITRE

NVD

CVE Title: Microsoft Office Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Office improperly handles input.

An attacker who successfully exploited the vulnerability could execute arbitrary commands.

In a file-sharing attack scenario, an attacker could provide a specially crafted document file

designed to exploit the vulnerability, and then convince a user to open the document file and

interact with the document by clicking a specific cell.

The update addresses the vulnerability by correcting how Microsoft Office handles input.

FAQ:



Mitigations:

None

Workarounds:


Bypass





Severity Rating

Vulnerability

Impact

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1264


Set

Restart

Required

Microsoft Project 2010 Service Pack 2

(32-bit editions)

4461631 Security

Update


Bypass 4022147

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4461631 Security

Update


Bypass 4022147

Base: N/A

Temporal: Maybe

https://www.microsoft.com/download/details.aspx?familyid=510cf414-3364-4143-bcc8-0355e28d773b

https://www.microsoft.com/download/details.aspx?familyid=510cf414-3364-4143-bcc8-0355e28d773b

https://www.microsoft.com/download/details.aspx?familyid=86a41f85-8a77-40ef-8563-dfa32479044f

https://www.microsoft.com/download/details.aspx?familyid=86a41f85-8a77-40ef-8563-dfa32479044f


CVE-2019-1264

N/A

Vector: N/A

Microsoft Office 2010 Service Pack 2

(32-bit editions)

4464566 Security

Update


Bypass 4462223

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4464566 Security

Update


Bypass 4462223

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(32-bit editions)

4475607 Security

Update


Bypass 4464558

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4475607 Security

Update


Bypass 4464558

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Office 2013 RT Service Pack

1

4475607 Security

Update


Bypass 4464558

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

https://www.microsoft.com/download/details.aspx?familyid=fd98c400-633f-4bab-aa10-419ac125922e

https://www.microsoft.com/download/details.aspx?familyid=fd98c400-633f-4bab-aa10-419ac125922e

https://www.microsoft.com/download/details.aspx?familyid=f653326b-f23e-41dc-9901-0aa0d536ec07

https://www.microsoft.com/download/details.aspx?familyid=f653326b-f23e-41dc-9901-0aa0d536ec07

https://www.microsoft.com/download/details.aspx?familyid=39bb5cf0-ff70-422f-b3bc-0a0711da9f01





CVE-2019-1264

Microsoft Office 2016 (32-bit edition)

4475583 Security

Update


Bypass 4462242

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Office 2016 (64-bit edition)

4475583 Security

Update


Bypass 4462242

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Project 2016 (32-bit edition)

4475589 Security

Update


Bypass 4461478

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe

Microsoft Project 2016 (64-bit edition)

4475589 Security

Update


Bypass 4461478

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(32-bit editions)

4464548 Security

Update


Bypass 4461489

Base: N/A

Temporal:

N/A

Vector: N/A

Maybe


(64-bit editions)

4464548 Security

Update


Bypass 4461489

Base: N/A

Temporal: Maybe

https://www.microsoft.com/download/details.aspx?familyid=c5e4e0c8-08ea-4bda-a557-b5f1f3d6e9f3

https://www.microsoft.com/download/details.aspx?familyid=c5e4e0c8-08ea-4bda-a557-b5f1f3d6e9f3

https://www.microsoft.com/download/details.aspx?familyid=0410056d-c298-4c0d-86bc-e47e46161c4d

https://www.microsoft.com/download/details.aspx?familyid=0410056d-c298-4c0d-86bc-e47e46161c4d

https://www.microsoft.com/download/details.aspx?familyid=ed368a6d-38c1-4c86-a577-9e28294dd541

https://www.microsoft.com/download/details.aspx?familyid=ed368a6d-38c1-4c86-a577-9e28294dd541

https://www.microsoft.com/download/details.aspx?familyid=0cf1d444-4aa0-4cbe-a25a-3bd9dfc1d29d

https://www.microsoft.com/download/details.aspx?familyid=0cf1d444-4aa0-4cbe-a25a-3bd9dfc1d29d

https://www.microsoft.com/download/details.aspx?familyid=8eb0d7c0-8def-4d00-a8c9-1b0f78f691d9





CVE-2019-1264

N/A

Vector: N/A

Microsoft Office 2019 for 32-bit editions


Update


Bypass 4461489

Base: N/A

Temporal:

N/A

Vector: N/A

No

Microsoft Office 2019 for 64-bit editions


Update


Bypass 4461489

Base: N/A

Temporal:

N/A

Vector: N/A

No



Update


Bypass 4461489

Base: N/A

Temporal:

N/A

Vector: N/A

No



Update


Bypass 4461489

Base: N/A

Temporal:

N/A

Vector: N/A

No


CVE-2019-1265 - Microsoft Yammer Security Feature Bypass Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1265

MITRE

NVD

CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails

to apply the correct Intune MAM Policy.

This could allow an attacker to perform functions that are restricted by Intune Policy.

The security update addresses the vulnerability by correcting the way the policy is applied to

Yammer App.

FAQ:

How do I get the update for Yammer for Android?

1. Tap the Google Play icon on your home screen.

2. Swipe in from the left edge of the screen.

3. Tap My apps & games.

4. Tap the Update box next to the Yammer app.

Is there a direct link on the web?


Bypass





Severity Rating

Vulnerability

Impact

Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US

What versions of the Yammer for Android App contain the fix for this vulnerability?

Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US


CVE-2019-1265


Yammer for Android Important Security Feature Bypass

Base: N/A

Temporal: N/A

Vector: N/A

CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1266

MITRE

NVD

CVE Title: Microsoft Exchange Spoofing Vulnerability

Description:

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA)

fails to properly handle web requests. An attacker who successfully exploited the vulnerability

could perform script or content injection attacks, and attempt to trick the user into disclosing

sensitive information. An attacker could also redirect the user to a malicious website that could

spoof content or the vulnerability could be used as a pivot to chain an attack with other

vulnerabilities in web services.

Important Spoofing





Maximum

Severity

Rating

Vulnerability

Impact

To exploit the vulnerability, an attacker could send a specially crafted email containing a

malicious link to a user. An attacker could also use a chat client to social engineer a user into

clicking the malicious link. However, in both examples the user must click the malicious link.

The security update addresses the vulnerability by correcting how OWA validates web requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1266


Set

Restart

Required


Update 12

4515832 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe


Update 1

4515832 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe


Update 2

4515832 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe


Update 13

4515832 Security

Update


Base: N/A

Temporal: N/A

Vector: N/A

Maybe










CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of Privilege

Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1267

MITRE

NVD

CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a

configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An

attacker who successfully exploited this vulnerability could run processes in an elevated context.

An attacker could then install programs; view, change or delete data.




The security update addresses the vulnerability by writing the file to a location with an appropriate

Access Control List.

FAQ:

None


Privilege





Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1267

Product KB


Restart

Required

Windows 7 for

32-bit Systems

Service Pack 1

4516033

Security

Only

Important

Elevation

of

Privilege

4512506 Base: 7.3

Temporal: 6.6 Yes





CVE-2019-1267

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Windows 7 for

x64-based

Systems

Service Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

(Server Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-Based

4516033

Security

Only

4516065

Monthly

Important

Elevation

of

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes






















CVE-2019-1267

Systems

Service Pack 1

Rollup

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes





















CVE-2019-1267

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.3

Temporal: 6.6

Vector:


Yes




















CVE-2019-1267

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Elevation

of

Privilege

4512507 Base: 7.3

Temporal: 6.6 Yes



















CVE-2019-1267

for x64-based

Systems

Update

Vector:


Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes


















CVE-2019-1267

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2019

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.3

Temporal: 6.6 Yes



















CVE-2019-1267

(Server Core

installation)

Update

Vector:


Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server,

version 1903

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes


















CVE-2019-1267

(Server Core

installation)

CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1268

MITRE

NVD

CVE Title: Winlogon Elevation of Privilege Vulnerability

Description:

An elevation of privilege exists when Winlogon does not properly handle file path information.

An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker

could then install programs; view, change, or delete data; or create new accounts with full user

rights.


could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how Winlogon handles path information.

FAQ:

None


Privilege





Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1268

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

4516033

Security

Only

Important

Elevation

of

Privilege

4512506 Base: 6.5

Temporal: 5.9 Yes





CVE-2019-1268

Service Pack

1

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

R2 for

4516033

Security

Only

Important

Elevation

of

Privilege

4512506 Base: 6.5

Temporal: 5.9 Yes




















CVE-2019-1268

Itanium-

Based

Systems

Service Pack

1

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

Important

Elevation

of

Privilege

4512518 Base: 6.5

Temporal: 5.9 Yes




















CVE-2019-1268

4516062

Security

Only

Vector:


Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Important

Elevation

of

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes






















CVE-2019-1268

Rollup

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security Important

Elevation

of

Privilege

4512497 Base: 6.5

Temporal: 5.9 Yes

















CVE-2019-1268

Update

Vector:


Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.5

Temporal: 5.9

Vector:


Yes


















CVE-2019-1268

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 6.5

Temporal: 5.9 Yes



















CVE-2019-1268

for x64-based

Systems

Update

Vector:


Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 6.5

Temporal: 5.9 Yes

















CVE-2019-1268

based

Systems

Update

Vector:


Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes


















CVE-2019-1268

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes



















CVE-2019-1268

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 6.5

Temporal: 5.9

Vector:


Yes















CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1269

MITRE

NVD

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to

Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the

security context of the local system. An attacker could then install programs; view, change, or



could then run a specially crafted application that could exploit the vulnerability and take

control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ:

None

Mitigations:

None

Workarounds:


Privilege





Severity Rating

Vulnerability

Impact

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1269

Product KB


Restart

Required

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

Yes








CVE-2019-1269

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Important

Elevation

of

Privilege

4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes



















CVE-2019-1269

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes


















CVE-2019-1269

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 6.3

Temporal: 5.7 Yes



















CVE-2019-1269

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1269

for x64-based

Systems

Update

Vector:


Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

4515384

Security Important

Elevation

of

Privilege

4512508 Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1269

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes












CVE-2019-1270 - Microsoft Windows Store Installer Elevation of Privilege

Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1270

MITRE

NVD

CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows store installer where WindowsApps

directory is vulnerable to symbolic link attack. An attacker who successfully exploited this

vulnerability could bypass access restrictions to add or remove files.


could then run a specially crafted application that could exploit the vulnerability and add or

remove files.

The security update addresses the vulnerability by not allowing reparse points in the

WindowsApps directory.

FAQ:

None

Mitigations:

None


Privilege





Severity Rating

Vulnerability

Impact

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1270

Product KB


Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes





CVE-2019-1270

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

4516068

Security Important

Elevation

of

Privilege

4512507 Base: 6.3

Temporal: 5.7 Yes



















CVE-2019-1270

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes


















CVE-2019-1270

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

















CVE-2019-1270

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

















CVE-2019-1270

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1271

MITRE

NVD

CVE Title: Windows Media Elevation of Privilege Vulnerability

Description:

An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An

attacker who successfully exploited this vulnerability could run processes in an elevated

context. An attacker could then install programs; view, change or delete data.


Privilege











Severity Rating

Vulnerability

Impact


could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the

reserved region.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1271

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C

Yes

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

R2 for x64-

based Systems

Service Pack

1 (Server Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:


Yes




















CVE-2019-1271

Windows

Server 2008

R2 for

Itanium-Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

R2 for x64-

based Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:


Yes




















CVE-2019-1271

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important

Elevation

of

Privilege

4512518

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:


Yes




















CVE-2019-1271

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Important

Elevation

of

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Important

Elevation

of

Privilege

4512488

Base: 7

Temporal: 6.3

Vector:


Yes



















CVE-2019-1271

Rollup

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:


Yes


















CVE-2019-1271

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7

Temporal: 6.3 Yes



















CVE-2019-1271

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:


Yes


















CVE-2019-1271

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:


Yes

Windows 10

Version 1903

4515384

Security Important

Elevation

of

Privilege

4512508 Base: 7

Temporal: 6.3 Yes



















CVE-2019-1271

for x64-based

Systems

Update

Vector:


Windows 10

Version 1903

for ARM64-

based Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:


Yes




















CVE-2019-1271

Service Pack

2

Only

Windows

Server 2008

for x64-based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack

2 (Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7

Temporal: 6.3

Vector:


Yes















CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-1272

MITRE

NVD

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to

Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the

security context of the local system. An attacker could then install programs; view, change, or



could then run a specially crafted application that could exploit the vulnerability and take

control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ:

None

Mitigations:

None

Workarounds:


Privilege





Severity Rating

Vulnerability

Impact

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1272

Product KB


Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security Important

Elevation

of

Privilege

4512497 Base: 6.3

Temporal: 5.7 Yes







CVE-2019-1272

Update

Vector:


Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes


















CVE-2019-1272

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server,

version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 6.3

Temporal: 5.7 Yes



















CVE-2019-1272

(Server Core

Installation)

Update

Vector:


Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2019

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1272

Update

Vector:


Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes


















CVE-2019-1272

based

Systems

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1273

MITRE

NVD

CVE Title: Active Directory Federation Services XSS Vulnerability

Description:

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services

(ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit

the vulnerability by sending a specially crafted request to an affected ADFS server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting

attacks on affected systems and run scripts in the security context of the current user. The attacks

could allow the attacker to read content that the attacker is not authorized to read, use the victim's

Important Spoofing








Maximum

Severity

Rating

Vulnerability

Impact

identity to take actions on the ADFS site on behalf of the user, such as change permissions and

delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that ADFS error handling

properly sanitizes error messages.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1273

Product KB


Restart

Required

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update


Base: 8.2

Temporal: 7.4

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C

Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows 10

Version 1809

4512578

Security Important Spoofing 4511553

Base: 8.2

Temporal: 7.4 Yes
















CVE-2019-1273

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes


















CVE-2019-1273

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update


Base: 8.2

Temporal: 7.4

Vector:


Yes

CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

CVE Title: Windows Kernel Information Disclosure Vulnerability


Information

Disclosure












Severity Rating

Vulnerability

Impact

1274

MITRE

NVD

An information disclosure vulnerability exists when the Windows kernel fails to properly

initialize a memory address. An attacker who successfully exploited this vulnerability could

obtain information to further compromise the userâ€™s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a


The security update addresses the vulnerability by correcting how the Windows kernel

initializes memory.

FAQ:




Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00





Severity Rating

Vulnerability

Impact


Affected Software


CVE-2019-1274

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 7

for x64-

based

4516033

Security

Only


Disclosure 4512506

Base: 6.3

Temporal: 5.7 Yes











CVE-2019-1274

Systems

Service Pack

1

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 6.3

Temporal: 5.7 Yes



















CVE-2019-1274

R2 for x64-

based

Systems

Service Pack

1

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup


Disclosure 4512518

Base: 6.3

Temporal: 5.7 Yes





















CVE-2019-1274

(Server Core

installation)

4516062

Security

Only

Vector:


Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 8.1

for x64-

based

systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly


Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes






















CVE-2019-1274

Rollup

Windows RT

8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1274

Update

Vector:


Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update


Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1607

for x64-

based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update


Disclosure 4512517

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update


Disclosure 4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1703

for x64-

4516068

Security

Update


Disclosure 4512507

Base: 6.3

Temporal: 5.7

Vector:


Yes


















CVE-2019-1274

based

Systems

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for x64-

based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1803

for x64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server,

version 1803

4516058

Security Important

Information

Disclosure 4512501

Base: 6.3

Temporal: 5.7 Yes
















CVE-2019-1274

(Server Core

Installation)

Update

Vector:


Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for x64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2019

4512578

Security Important

Information

Disclosure 4511553

Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1274

Update

Vector:


Windows

Server 2019

(Server Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for x64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

4515384

Security Important

Information

Disclosure 4512508

Base: 6.3

Temporal: 5.7 Yes

















CVE-2019-1274

based

Systems

Update

Vector:


Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:


Yes

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 6.3

Temporal: 5.7 Yes




















CVE-2019-1274

for x64-

based

Systems

Service Pack

2

Rollup

4516051

Security

Only

Vector:


Windows

Server 2008

for x64-

based

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:


Yes












CVE-2019-1277 - Windows Audio Service Elevation of Privilege

Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1277

MITRE

NVD

CVE Title: Windows Audio Service Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows Audio Service when a malformed

parameter is processed. An attacker who successfully exploited the vulnerability could run

arbitrary code with elevated privileges when used in conjunction with another vulnerability.

To exploit the vulnerability, an attacker could run a specially crafted application locally. This

vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be

used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability

and another elevation of privilege) that could take advantage of the elevated privileges when

running.

The update addresses the vulnerability by correcting how the Windows Audio Service handles

these parameters.

FAQ:


Privilege





Maximum

Severity

Rating

Vulnerability

Impact

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1277

Product KB


Restart

Required


CVE-2019-1277

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1277

for x64-based

Systems

Update

Vector:


Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for ARM64-

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1277

based

Systems

Update

Vector:


Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes


















CVE-2019-1277

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes



Severity Rating

Vulnerability

Impact

CVE-

2019-1278

MITRE

NVD


Description:

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects

in memory. An attacker who successfully exploited the vulnerability could execute code with

elevated permissions.


Privilege











Severity Rating

Vulnerability

Impact

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted

application.

The security update addresses the vulnerability by ensuring the unistore.dll properly handles

objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software



CVE-2019-1278

Product KB


Restart

Required

Windows 10

for 32-bit

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

for x64-based

Systems

4516070

Security

Update

Important

Elevation

of

Privilege

4512497

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

















CVE-2019-1278

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Important

Elevation

of

Privilege

4512517

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for 32-bit

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Important

Elevation

of

Privilege

4512507

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

4516058

Security Important

Elevation

of

Privilege

4512501 Base: 7.8

Temporal: 7 Yes



















CVE-2019-1278

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based

Systems

4516058

Security

Update

Important

Elevation

of

Privilege

4512501

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1809

4512578

Security Important

Elevation

of

Privilege

4511553 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1278

for x64-based

Systems

Update

Vector:


Windows 10

Version 1809

for ARM64-

based

Systems

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

4515384

Security Important

Elevation

of

Privilege

4512508 Base: 7.8

Temporal: 7 Yes

















CVE-2019-1278

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.8

Temporal: 7

Vector:


Yes












CVE-2019-1280 - LNK Remote Code Execution Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1280

MITRE

NVD

CVE Title: LNK Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code

execution if a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same user rights as the

local user. Users whose accounts are configured to have fewer user rights on the system could be

less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a

malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote

share) in Windows Explorer, or any other application that parses the .LNK file, the malicious

binary will execute code of the attackerâ€™s choice, on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK

references.

FAQ:

None


Execution





Maximum

Severity

Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1280

Product KB


Restart

Required

Windows 7

for 32-bit

4516033

Security

Only

Critical

Remote

Code

Execution

4512506 Base: 7.3

Temporal: 6.6 Yes





CVE-2019-1280

Systems

Service Pack 1

4516065

Monthly

Rollup

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows 7

for x64-based

Systems

Service Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Critical

Remote

Code

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

(Server Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Critical

Remote

Code

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-Based

4516033

Security

Only

4516065

Monthly

Critical

Remote

Code

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes






















CVE-2019-1280

Systems

Service Pack 1

Rollup

Windows

Server 2008

R2 for x64-

based Systems

Service Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Critical

Remote

Code

Execution

4512506

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Critical

Remote

Code

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2012

4516055

Monthly

Rollup

4516062

Security

Only

Critical

Remote

Code

Execution

4512518

Base: 7.3

Temporal: 6.6

Vector:


Yes





















CVE-2019-1280

Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Critical

Remote

Code

Execution

4512518

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 8.1

for 32-bit

systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 8.1

for x64-based

systems

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes




















CVE-2019-1280

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows RT

8.1

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup

Critical

Remote

Code

Execution

4512488

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

for 32-bit

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.3

Temporal: 6.6

Vector:


Yes

















CVE-2019-1280

Windows 10

for x64-based

Systems

4516070

Security

Update

Critical

Remote

Code

Execution

4512497

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2016

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1607

for 32-bit

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1607

for x64-based

Systems

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2016

(Server Core

installation)

4516044

Security

Update

Critical

Remote

Code

Execution

4512517

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1703

4516068

Security Critical

Remote

Code

Execution

4512507 Base: 7.3

Temporal: 6.6 Yes



















CVE-2019-1280

for 32-bit

Systems

Update

Vector:


Windows 10

Version 1703

for x64-based

Systems

4516068

Security

Update

Critical

Remote

Code

Execution

4512507

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1709

for 32-bit

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1709

for x64-based

Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1803

for 32-bit

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1803

for x64-based

Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes


















CVE-2019-1280

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1803

for ARM64-

based Systems

4516058

Security

Update

Critical

Remote

Code

Execution

4512501

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for 32-bit

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for x64-based

Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1809

for ARM64-

based Systems

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

















CVE-2019-1280

Windows

Server 2019

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Critical

Remote

Code

Execution

4511553

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1709

for ARM64-

based Systems

4516066

Security

Update

Critical

Remote

Code

Execution

4512516

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

for x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows 10

Version 1903

4515384

Security Critical

Remote

Code

Execution

4512508 Base: 7.3

Temporal: 6.6 Yes



















CVE-2019-1280

for ARM64-

based Systems

Update

Vector:


Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Critical

Remote

Code

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Critical

Remote

Code

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:


Yes


















CVE-2019-1280

Windows

Server 2008

for x64-based

Systems

Service Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Critical

Remote

Code

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:


Yes

Windows

Server 2008

for x64-based

Systems

Service Pack 2

(Server Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Critical

Remote

Code

Execution

4512476

Base: 7.3

Temporal: 6.6

Vector:


Yes














CVE-2019-1282 - Windows Common Log File System Driver Information

Disclosure Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1282

MITRE

NVD

CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability

Description:

An information disclosure exists in the Windows Common Log File System (CLFS) driver

when it fails to properly handle sandbox checks. An attacker who successfully exploited this

vulnerability could potentially read data outside their expected limits.



The security update addresses the vulnerability by correcting how CLFS handles sandbox

checks.

FAQ:



vulnerability is unauthorized file system access - reading from the file system.


Disclosure





Severity Rating

Vulnerability

Impact

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1282

Product KB


Restart

Required

Windows 7

for 32-bit

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




CVE-2019-1282

Systems

Service Pack

1

Only

4516065

Monthly

Rollup

Vector:


Windows 7

for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1282

R2 for

Itanium-

Based

Systems

Service Pack

1

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

4516055

Monthly Important

Information

Disclosure 4512518

Base: 5.5

Temporal: 5 Yes




















CVE-2019-1282

Rollup

4516062

Security

Only

Vector:


Windows

Server 2012

(Server Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only


Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for 32-

bit systems

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

8.1 for x64-

based

systems

4516064

Security

Only

4516067


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes






















CVE-2019-1282

Monthly

Rollup

Windows

Server 2012

R2

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

RT 8.1

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2012

R2 (Server

Core

installation)

4516064

Security

Only

4516067

Monthly

Rollup


Disclosure 4512488

Base: 5.5

Temporal: 5

Vector:


Yes
















CVE-2019-1282

Windows 10

for 32-bit

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

for x64-

based

Systems

4516070

Security

Update


Disclosure 4512497

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for 32-

bit Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1607 for

x64-based

Systems

4516044

Security

Update


Disclosure 4512517

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2016

4516044

Security Important

Information

Disclosure 4512517

Base: 5.5

Temporal: 5 Yes



















CVE-2019-1282

(Server Core

installation)

Update

Vector:


Windows 10

Version

1703 for 32-

bit Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1703 for

x64-based

Systems

4516068

Security

Update


Disclosure 4512507

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for 32-

bit Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

x64-based

Systems

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

4516058

Security Important

Information

Disclosure 4512501

Base: 5.5

Temporal: 5 Yes

















CVE-2019-1282

1803 for 32-

bit Systems

Update

Vector:


Windows 10

Version

1803 for

x64-based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version 1803

(Server Core

Installation)

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1803 for

ARM64-

based

Systems

4516058

Security

Update


Disclosure 4512501

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for 32-

bit Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes















CVE-2019-1282

Windows 10

Version

1809 for

x64-based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1809 for

ARM64-

based

Systems

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update


Disclosure 4511553

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1709 for

ARM64-

4516066

Security

Update


Disclosure 4512516

Base: 5.5

Temporal: 5

Vector:


Yes

















CVE-2019-1282

based

Systems

Windows 10

Version

1903 for 32-

bit Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update


Disclosure 4512508

Base: 5.5

Temporal: 5

Vector:


Yes














CVE-2019-1282

Windows

Server 2008

for Itanium-

Based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

for x64-

based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only


Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516026

Monthly Important

Information

Disclosure 4512476

Base: 5.5

Temporal: 5 Yes






















CVE-2019-1282

for x64-

based

Systems

Service Pack

2 (Server

Core

installation)

Rollup

4516051

Security

Only

Vector:


CVE-2019-1283 - Microsoft Graphics Components Information Disclosure

Vulnerability


Severity Rating

Vulnerability

Impact

CVE-

2019-

1283

MITRE

NVD

CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists in the way that Microsoft Graphics Components

handle objects in memory. An attacker who successfully exploited the vulnerability could

obtain information that could be useful for further exploitation.

To exploit the vulnerability, a user would have to open a specially crafted file.


Disclosure









Severity Rating

Vulnerability

Impact

The security update addresses the vulnerability by correcting how Microsoft Graphics

Components handle objects in memory.

FAQ:




Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00



Affected Software


CVE-2019-1283

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows 7

for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

4516033

Security Important

Information

Disclosure 4512506

Base: 5.5

Temporal: 5 Yes
















CVE-2019-1283

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

Only

4516065

Monthly

Rollup

Vector:


Windows

Server 2008

R2 for

Itanium-

Based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup


Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:


Yes


















CVE-2019-1284 - DirectX Elevation of Privilege Vulnerability


Maximum

Severity

Rating

Vulnerability

Impact

CVE-

2019-

1284

MITRE

NVD

CVE Title: DirectX Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists when DirectX improperly handles objects in

memory. An attacker who successfully exploited this vulnerability could run arbitrary code in

kernel mode. An attacker could then install programs; view, change, or delete data; or create new

accounts with full user rights.




The update addresses the vulnerability by correcting how DirectX handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None


Privilege





Maximum

Severity

Rating

Vulnerability

Impact

Revision:

1.0 09/10/2019 07:00:00


Affected Software


CVE-2019-1284

Product KB


Restart

Required

Windows 7

for 32-bit

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes








CVE-2019-1284

Windows 7

for x64-based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1 (Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

R2 for

Itanium-

Based

Systems

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes




















CVE-2019-1284

Service Pack

1

Windows

Server 2008

R2 for x64-

based

Systems

Service Pack

1

4516033

Security

Only

4516065

Monthly

Rollup

Important

Elevation

of

Privilege

4512506

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for 32-bit

Systems

Service Pack

2 (Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes

Windows

Server 2008

for Itanium-

Based

Systems

4516026

Monthly

Rollup

4516051

Security

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:


Yes


















overview - home | nsfocus

Documents