
@NSFOCUS 2019 http://www.nsfocus.com

Microsoft Releases September Patches Fixing 81 Security Issues

Security Threat Advisory

Release date: September 11, 2019

Overview

On Tuesday, Microsoft released its September security update patches, fixing 81 security issues ranging from simple spoofing attacks to remote code execution. The affected products include .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP.

Details are as follows:

| Product | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important |
| Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
| Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical |
| ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
| Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important |
| Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important |
| Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important |
| Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |

Remediation

Microsoft has officially released the update patches; please apply them promptly.

Appendix

ADV190022 - September 2019 Adobe Flash Security Update

CVE ID: ADV190022 (MITRE, NVD)

CVE Title: September 2019 Adobe Flash Security Update

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB19-46: CVE-2019-8069 and CVE-2019-8070.

FAQ:

How could an attacker exploit these vulnerabilities?

In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigations:

Workarounds:

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.

Prevent Adobe Flash Player from running

You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To set the kill bit for the control in the registry, perform the following steps:

1. Paste the following into a text file and save it with the .reg file extension.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

Note: You must restart Internet Explorer for your changes to take effect.

Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.

How to undo the workaround. Delete the registry keys that were added in implementing this workaround.

Prevent Adobe Flash Player from running in Internet Explorer through Group Policy

Note: The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites: Group Policy Overview; What is Group Policy Object Editor?; Core Group Policy tools and settings.

To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

Note: This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.

1. Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.

2. Navigate to the following node: Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management

3. Double-click "Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects".

4. Change the setting to Enabled.

5. Click Apply and then click OK to return to the Group Policy Management Console.

6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.

Prevent Adobe Flash Player from running in Office 2010 on affected systems

Note: This workaround does not prevent Adobe Flash Player from running in Internet Explorer.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:

1. Create a text file named Disable_Flash.reg with the following contents:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

Note: You must restart Internet Explorer for your changes to take effect.

You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

Prevent ActiveX controls from running in Office 2007 and Office 2010

To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.

3. Click OK to save your settings.

Impact of workaround. Office documents that use embedded ActiveX controls may not display as intended.

How to undo the workaround. To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.

2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.

3. Click OK to save your settings.

Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

To raise the browsing security level in Internet Explorer, perform the following steps:

1. On the Internet Explorer Tools menu, click Internet Options.

2. In the Internet Options dialog box, click the Security tab, and then click Internet.

3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.

4. Click Local intranet.

5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.

6. Click OK to accept the changes and return to Internet Explorer.

Note: If no slider is visible, click Default Level, and then move the slider to High.

Note: Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:

1. In Internet Explorer, click Internet Options on the Tools menu.

2. Click the Security tab.

3. Click Internet, and then click Custom Level.

4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.

5. Click Local intranet, and then click Custom Level.

6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.

7. Click OK to return to Internet Explorer, and then click OK again.

Note: Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone

After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

To do this, perform the following steps:

1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.

2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.

3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.

4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.

5. Repeat these steps for each site that you want to add to the zone.

6. Click OK two times to accept the changes and return to Internet Explorer.

Note: Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and they require an ActiveX control to install the update.
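
To confirm that the kill-bit workarounds above actually took effect on a host, the following read-only PowerShell audit (an added example, not part of the Microsoft advisory or the NSFOCUS bulletin) checks the three registry keys named in the .reg files for bit 0x400 in "Compatibility Flags". The function name Get-FlashKillBitStatus, the Scope labels and the State values are assumptions made for this example.

```powershell
# Added example: audit the Adobe Flash ActiveX kill bit described in the
# workarounds. Read-only; nothing in the registry is changed.
# Requires PowerShell 3.0+ (.NET 4 RegistryKey.OpenBaseKey).
$Clsid     = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'  # Flash CLSID from the advisory
$KillBit   = 0x400                                      # dword:00000400 from the advisory
$ValueName = 'Compatibility Flags'
$View64    = [Microsoft.Win32.RegistryView]::Registry64
$View32    = [Microsoft.Win32.RegistryView]::Registry32

# The three keys from the advisory's .reg files. The Wow6432Node key is read
# through the 32-bit registry view, so the result does not depend on whether
# the script runs in a 32-bit or a 64-bit PowerShell host.
$IeKey     = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
$OfficeKey = "SOFTWARE\Microsoft\Office\Common\COM\Compatibility\$Clsid"
$Targets = @(
    @{ Scope = 'IE (native)';      View = $View64; Path = $IeKey
       Shown = "HKLM\$IeKey" }
    @{ Scope = 'IE (Wow6432Node)'; View = $View32; Path = $IeKey
       Shown = "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid" }
    @{ Scope = 'Office COM';       View = $View64; Path = $OfficeKey
       Shown = "HKLM\$OfficeKey" }
)

function Get-FlashKillBitStatus {
    foreach ($t in $Targets) {
        # A 32-bit OS has no Wow6432Node; skip it rather than report a false gap.
        if ($t.View -eq $View32 -and -not [Environment]::Is64BitOperatingSystem) { continue }

        $state = 'KeyMissing'
        $flags = $null
        $base  = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                     [Microsoft.Win32.RegistryHive]::LocalMachine, $t.View)
        try {
            $key = $base.OpenSubKey($t.Path)      # $null when the key is absent
            if ($null -ne $key) {
                try {
                    $raw = $key.GetValue($ValueName, $null)
                    if ($null -eq $raw) {
                        $state = 'ValueMissing'
                    } elseif ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                        $state = 'WrongType'      # e.g. value created as REG_SZ by mistake
                    } else {
                        $flags = [int]$raw
                        # Test the bit, not equality: other compatibility flags may be set too.
                        $state = if (($flags -band $KillBit) -ne 0) { 'KillBitSet' } else { 'KillBitClear' }
                    }
                } finally { $key.Close() }
            }
        } finally { $base.Close() }

        [pscustomobject]@{
            Scope = $t.Scope
            State = $state
            Flags = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { $null }
            Key   = $t.Shown
        }
    }
}

# One row per audited key; any State other than KillBitSet means the
# corresponding workaround is not in effect on this host.
Get-FlashKillBitStatus | Format-Table -AutoSize -Wrap
```

The check covers only the registry kill bit; the Group Policy, Trust Center and security-zone workarounds are configured elsewhere and are not inspected here.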

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV190022

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Adobe Flash Player on Windows Server 2012 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 8.1 for 32-bit systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 8.1 for x64-based systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows Server 2012 R2 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows RT 8.1 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows Server 2016 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1803 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1803 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1803 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1809 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1809 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1809 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows Server 2019 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1709 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1903 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1903 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1903 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |


ADV990001 - Latest Servicing Stack Updates

CVE ID: ADV990001 (MITRE, NVD)

CVE Title: Latest Servicing Stack Updates

Maximum Severity Rating: Critical

Vulnerability Impact: Defense in Depth

Description:

This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

FAQ:

1. Why are all of the Servicing Stack Updates (SSU) critical updates?

The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update.

2. When was the most recent SSU released for each version of Microsoft Windows?

Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:

| Product | SSU Package | Date Released |
|---|---|---|
| Windows Server 2008 | 4517134 | September 2019 |
| Windows 7/Server 2008 R2 | 4516655 | September 2019 |
| Windows Server 2012 | 4512939 | September 2019 |
| Windows 8.1/Server 2012 R2 | 4512938 | September 2019 |
| Windows 10 | 4512573 | September 2019 |
| Windows 10 Version 1607/Server 2016 | 4512574 | September 2019 |
| Windows 10 Version 1703 | 4511839 | September 2019 |
| Windows 10 1709 | 4512575 | September 2019 |
| Windows 10 1803/Windows Server, version 1803 | 4512576 | September 2019 |
| Windows 10 1809/Server 2019 | 4512577 | September 2019 |
| Windows 10 1903/Windows Server, version 1903 | 4515383 | September 2019 |

Mitigations:

None

Workarounds:

None

Revision:

9.0 06/11/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server 2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more information.

10.0 06/14/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information.

12.0 07/24/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.

8.0 05/14/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for more information.

1.2 12/03/2018 08:00:00
FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only.

3.2 12/12/2018 08:00:00
Fixed a typo in the FAQ.

7.0 04/09/2019 07:00:00
A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows Server 2019 (Server Core installation). See the FAQ section for more information.

3.1 12/11/2018 08:00:00
Updated supersedence information. This is an informational change only.

6.0 03/12/2019 07:00:00
A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.

1.1 11/14/2018 08:00:00
Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only.

1.0 11/13/2018 08:00:00
Information published.

13.0 07/26/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information.

4.0 01/08/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information.

5.1 02/13/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an informational change only.

14.0 09/10/2019 07:00:00
A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information.

3.0 12/11/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.

5.0 02/12/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.

2.0 12/05/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.

11.0 07/09/2019 07:00:00
A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more information.

5.2 02/14/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an informational change only.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV990001

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 | 4512939 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 (Server Core installation) | 4512939 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 8.1 for 32-bit systems | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 8.1 for x64-based systems | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 R2 | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 for 32-bit Systems | 4512573 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 for x64-based Systems | 4512573 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2016 | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2016 (Server Core installation) | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4511839 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4511839 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 (Server Core installation) | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2019-0787 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-0787 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0787

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-0788 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-0788 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0788

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability

CVE ID: CVE-2019-0928 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Denial of Service

CVE Title: Windows Hyper-V Denial of Service Vulnerability

Description:

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.

The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0928

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Denial of Service | 4512497 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Denial of Service | 4512507 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Denial of Service | 4512516 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Denial of Service | 4512501 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Denial of Service | 4512501 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1138 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1138 (MITRE, NVD)

Maximum Severity Rating: Moderate

Vulnerability Impact: Remote Code Execution

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

Page 66: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1138

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1142 (MITRE, NVD)

CVE Title: .NET Framework Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run.

The update addresses the vulnerability by correcting how the .NET Framework CLR process logs data.

FAQ:

There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and Windows Server 2019. How do I know which update I need to install?

The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the security update that includes that second version of .NET Framework.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1142

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2016 | 4514354 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 4514354 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 4514354 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 4514354 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems | 4514355 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems | 4514355 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems | 4514356 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems | 4514356 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems | 4514357 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems | 4514357 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2019-1208 - VBScript Remote Code Execution Vulnerability

CVE ID: CVE-2019-1208 (MITRE, NVD)

CVE Title: VBScript Remote Code Execution Vulnerability

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1208

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability

CVE ID: CVE-2019-1209 (MITRE, NVD)

CVE Title: Lync 2013 Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could read arbitrary files on the victim's machine. To exploit the vulnerability, an attacker needs to instantiate a conference and modify the meeting link with malicious content and send the link to a victim.

The update addresses the vulnerability by changing how the URL is being resolved.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1209

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft Lync Server 2013 | 4515509 Security Update | Important | Information Disclosure | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1214 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1214 (MITRE, NVD)

CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1214

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1215 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1215 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1215

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1216 - DirectX Information Disclosure Vulnerability

CVE ID: CVE-2019-1216 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: DirectX Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1216

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5.1; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |


CVE-2019-1217 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1217 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1217

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Yes

Page 140: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1217

1903 for 32-

bit Systems

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version

1903 for

x64-based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Yes

Microsoft

Edge

(EdgeHTML-

based) on

Windows 10

Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Yes

Page 141: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1217

ChakraCore

Release

Notes

Security

Update

Critical

Remote

Code

Execution

4512508

Base: 4.2

Temporal: 3.8

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Maybe

CVE-2019-1219 - Windows Transaction Manager Information Disclosure Vulnerability

CVE ID: CVE-2019-1219 (MITRE, NVD)

CVE Title: Windows Transaction Manager Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application.

The security update addresses the vulnerability by correcting how the Transaction Manager handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1219

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1220 - Microsoft Browser Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1220 (MITRE, NVD)

CVE Title: Microsoft Browser Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.

To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.

The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1220

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Important | Security Feature Bypass | 4512488 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Low | Security Feature Bypass | 4512517 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Low | Security Feature Bypass | 4511553 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Low | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Low | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1221 (MITRE, NVD)

CVE Title: Scripting Engine Memory Corruption Vulnerability

Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1221

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability

CVE ID: CVE-2019-1231 (MITRE, NVD)

CVE Title: Rome SDK Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation. This vulnerability allows an unauthenticated attacker to establish a connection with an invalid SSL/TLS server certificate.

To exploit this, an attacker would have to perform a man-in-the-middle attack to intercept an established connection.

This security update addresses the issue by handling server SSL/TLS certificate validation correctly.

FAQ:

What versions of the Project Rome SDK are affected by this vulnerability?

Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not have the vulnerability.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1231

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Rome SDK 1.4.1 | Release Notes Security Update | Important | Information Disclosure | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |


CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1232 (MITRE, NVD)

CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.

The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1232

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio 2015 Update 3 | 4513696 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Visual Studio 2017 version 15.9 | Release Notes Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Visual Studio 2017 version 15.0 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Visual Studio 2019 version 16.0 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Visual Studio 2019 version 16.2 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |


CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability

CVE ID: CVE-2019-1233 (MITRE, NVD)

CVE Title: Microsoft Exchange Denial of Service Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Denial of Service

Description:

A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange Server handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1233

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4515832 Security Update | Important | Denial of Service | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4515832 Security Update | Important | Denial of Service | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 4515832 Security Update | Important | Denial of Service | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 4515832 Security Update | Important | Denial of Service | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1235 - Windows Text Service Framework Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1235 (MITRE, NVD)

CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses this vulnerability by correcting how the TSF server and client validate input from each other.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1235

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1236 - VBScript Remote Code Execution Vulnerability

CVE ID: CVE-2019-1236 (MITRE, NVD)

CVE Title: VBScript Remote Code Execution Vulnerability

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1236

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1237 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1237 (MITRE, NVD)

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1237

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1240 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1240 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1240

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1241 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1241 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1241

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1242 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1242 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1242

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1243 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1243 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1243

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only, 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup, 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup, 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only, 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

Windows

Server 2008

for Itanium-

Based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for x64-

4516026

Monthly

Rollup

Important

Remote

Code

Execution

4512476 Base: 7.8

Temporal: 7 Yes

Page 285: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1243

based

Systems

Service

Pack 2

4516051

Security

Only

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes


CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1244 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: DirectWrite Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1244

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1245 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1245 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: DirectWrite Information Disclosure Vulnerability

Description:

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1245

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1246 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1246 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1246

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4475599 Security Update | Important | Remote Code Execution | 4475506 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4475599 Security Update | Important | Remote Code Execution | 4475506 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4475611 Security Update | Important | Remote Code Execution | 4464599 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4475611 Security Update | Important | Remote Code Execution | 4464599 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

Page 321: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Microsoft

Office 2013

RT Service

Pack 1

4475611

Security

Update

Important

Remote

Code

Execution

4464599

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows

10 for 32-

bit Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 for x64-

based

Systems

4516070

Security

Update

Important

Remote

Code

Execution

4512497

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Microsoft

Office 2016

(32-bit

edition)

4475591

Security

Update

Important

Remote

Code

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Microsoft

Office 2016

(64-bit

edition)

4475591

Security

Update

Important

Remote

Code

Execution

4475538

Base: N/A

Temporal: N/A

Vector: N/A

Maybe

Windows

Server 2016

4516044

Security

Update

Important

Remote

Code

Execution

4512517 Base: 7.8

Temporal: 7 Yes

Page 322: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows

10 Version

1607 for

32-bit

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1607 for

x64-based

Systems

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2016

(Server

Core

installation)

4516044

Security

Update

Important

Remote

Code

Execution

4512517

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1703 for

32-bit

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Page 323: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Windows

10 Version

1703 for

x64-based

Systems

4516068

Security

Update

Important

Remote

Code

Execution

4512507

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1709 for

32-bit

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1709 for

x64-based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1803 for

32-bit

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1803 for

4516058

Security

Update

Important

Remote

Code

Execution

4512501 Base: 7.8

Temporal: 7 Yes

Page 324: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

x64-based

Systems

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows

Server,

version

1803

(Server

Core

Installation)

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1803 for

ARM64-

based

Systems

4516058

Security

Update

Important

Remote

Code

Execution

4512501

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1809 for

32-bit

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1809 for

4512578

Security

Update

Important

Remote

Code

Execution

4511553 Base: 7.8

Temporal: 7 Yes

Page 325: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

x64-based

Systems

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Windows

10 Version

1809 for

ARM64-

based

Systems

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2019

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2019

(Server

Core

installation)

4512578

Security

Update

Important

Remote

Code

Execution

4511553

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Microsoft

Office 2019

for 32-bit

editions

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Page 326: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Microsoft

Office 2019

for 64-bit

editions

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Office 365

ProPlus for

32-bit

Systems

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Office 365

ProPlus for

64-bit

Systems

Click to

Run

Security

Update

Important

Remote

Code

Execution

4511553

Base: N/A

Temporal: N/A

Vector: N/A

No

Windows

10 Version

1709 for

ARM64-

based

Systems

4516066

Security

Update

Important

Remote

Code

Execution

4512516

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1903 for

32-bit

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Page 327: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Windows

10 Version

1903 for

x64-based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

10 Version

1903 for

ARM64-

based

Systems

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server,

version

1903

(Server

Core

installation)

4515384

Security

Update

Important

Remote

Code

Execution

4512508

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for Itanium-

Based

Systems

4516026

Monthly

Rollup

4516051

Security

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Page 328: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Service

Pack 2

Only

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

(Server

4516026

Monthly

Rollup

4516051

Security

Only

Important

Remote

Code

Execution

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Page 329: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1246

Core

installation)

CVE-2019-1247 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1247 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1247

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1248 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1248 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1248

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1249 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1249 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1249

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1250 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1250 (MITRE, NVD)

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ:

Are Active Directory and Exchange Server affected by this vulnerability?

No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1250

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1251 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1251 (MITRE, NVD)

CVE Title: DirectWrite Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1251

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability

CVE ID: CVE-2019-1252 (MITRE, NVD)

CVE Title: Windows GDI Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1252

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |


CVE-2019-1253 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1253 (MITRE, NVD)

CVE Title: Windows Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1253

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1254 - Windows Hyper-V Information Disclosure Vulnerability

CVE ID: CVE-2019-1254 (MITRE, NVD)

CVE Title: Windows Hyper-V Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory.

To exploit the vulnerability, an attacker would first require access to a Hyper-V host.

The security update addresses the vulnerability by ensuring Hyper-V properly initializes memory before writing it to disk.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1254

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1256 (MITRE, NVD)

CVE Title: Win32k Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1256

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

Windows

Server 2008

for x64-

based

Systems

Service Pack

2

4516026

Monthly

Rollup

4516051

Security

Only

Important

Elevation

of

Privilege

4512476

Base: 7.8

Temporal: 7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for x64-

4516026

Monthly

Rollup

Important

Elevation

of

Privilege

4512476 Base: 7.8

Temporal: 7 Yes

Page 424: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1256

based

Systems

Service Pack

2 (Server

Core

installation)

4516051

Security

Only

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability

CVE ID: CVE-2019-1257 (MITRE, NVD)

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1257

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 Security Update | Critical | Remote Code Execution | 4475575 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Critical | Remote Code Execution | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Critical | Remote Code Execution | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Critical | Remote Code Execution | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability

CVE ID: CVE-2019-1259 (MITRE, NVD)

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Maximum Severity Rating: Moderate

Vulnerability Impact: Spoofing

Description:

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1259

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Moderate | Spoofing | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1260 (MITRE, NVD)

CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1260

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 Security Update | Important | Elevation of Privilege | 4475575 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update; 4484099 Security Update | Important | Elevation of Privilege | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update; 4475594 Security Update | Important | Elevation of Privilege | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4464557 Security Update; 4475596 Security Update | Important | Elevation of Privilege | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability

CVE ID: CVE-2019-1261 (MITRE, NVD)

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

Description:

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1261

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Important | Spoofing | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Important | Spoofing | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Important | Spoofing | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability

CVE ID: CVE-2019-1262 (MITRE, NVD)

CVE Title: Microsoft Office SharePoint XSS Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1262

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Important | Spoofing | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability

CVE ID: CVE-2019-1263 (MITRE, NVD)

CVE Title: Microsoft Excel Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.

The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1263

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4475574 Security Update | Important | Information Disclosure | 4464572 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4475574 Security Update | Important | Information Disclosure | 4464572 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4475566 Security Update | Important | Information Disclosure | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4475566 Security Update | Important | Information Disclosure | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4475566 Security Update | Important | Information Disclosure | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 for Mac | Release Notes Security Update | Important | Information Disclosure | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Excel 2016 (32-bit edition) | 4475579 Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4475579 Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for Mac | Release Notes Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Information Disclosure | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |

CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1264 (MITRE, NVD)

CVE Title: Microsoft Office Security Feature Bypass Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

Description:

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell.

The update addresses the vulnerability by correcting how Microsoft Office handles input.

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1264

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Project 2010 Service Pack 2 (32-bit editions) | 4461631 Security Update | Important | Security Feature Bypass | 4022147 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Project 2010 Service Pack 2 (64-bit editions) | 4461631 Security Update | Important | Security Feature Bypass | 4022147 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4464566 Security Update | Important | Security Feature Bypass | 4462223 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4464566 Security Update | Important | Security Feature Bypass | 4462223 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4475583 Security Update | Important | Security Feature Bypass | 4462242 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4475583 Security Update | Important | Security Feature Bypass | 4462242 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Project 2016 (32-bit edition) | 4475589 Security Update | Important | Security Feature Bypass | 4461478 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Project 2016 (64-bit edition) | 4475589 Security Update | Important | Security Feature Bypass | 4461478 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Project 2013 Service Pack 1 (32-bit editions) | 4464548 Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Project 2013 Service Pack 1 (64-bit editions) | 4464548 Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | Base: N/A; Temporal: N/A; Vector: N/A | No |

CVE-2019-1265 - Microsoft Yammer Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1265 (MITRE, NVD)

CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

Description:

A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.

This could allow an attacker to perform functions that are restricted by Intune Policy.

The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App.

FAQ:

How do I get the update for Yammer for Android?

1. Tap the Google Play icon on your home screen.
2. Swipe in from the left edge of the screen.
3. Tap My apps & games.
4. Tap the Update box next to the Yammer app.

Is there a direct link on the web?

Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US

What versions of the Yammer for Android App contain the fix for this vulnerability?

Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1265

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Yammer for Android | | Important | Security Feature Bypass | | Base: N/A; Temporal: N/A; Vector: N/A | |

CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability

CVE ID: CVE-2019-1266 (MITRE, NVD)

CVE Title: Microsoft Exchange Spoofing Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

Description:

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services.

To exploit the vulnerability, an attacker could send a specially crafted email containing a malicious link to a user. An attacker could also use a chat client to social engineer a user into clicking the malicious link. However, in both examples the user must click the malicious link.

The security update addresses the vulnerability by correcting how OWA validates web requests.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1266

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4515832 Security Update | Important | Spoofing | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4515832 Security Update | Important | Spoofing | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 4515832 Security Update | Important | Spoofing | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 4515832 Security Update | Important | Spoofing | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1267 (MITRE, NVD)

CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses the vulnerability by writing the file to a location with an appropriate Access Control List.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1267

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |

Windows

Server 2019

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Windows

Server 2019

(Server Core

installation)

4512578

Security

Update

Important

Elevation

of

Privilege

4511553

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Windows 10

Version 1709

for ARM64-

based

Systems

4516066

Security

Update

Important

Elevation

of

Privilege

4512516

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Windows 10

Version 1903

for 32-bit

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Windows 10

Version 1903

for x64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Page 461: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1267

Windows 10

Version 1903

for ARM64-

based

Systems

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

Windows

Server,

version 1903

(Server Core

installation)

4515384

Security

Update

Important

Elevation

of

Privilege

4512508

Base: 7.3

Temporal: 6.6

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Yes

CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1268 (MITRE, NVD)

CVE Title: Winlogon Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how Winlogon handles path information.

FAQ: None

Mitigations: None

Workarounds: None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1268

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1269 (MITRE, NVD)

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ: None

Mitigations: None

Workarounds: None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1269

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |


CVE-2019-1270 - Microsoft Windows Store Installer Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1270 (MITRE, NVD)

CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and add or remove files.

The security update addresses the vulnerability by not allowing reparse points in the WindowsApps directory.

FAQ: None

Mitigations: None

Workarounds: None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1270

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |


CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1271 (MITRE, NVD)

CVE Title: Windows Media Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the reserved region.

FAQ: None

Mitigations: None

Workarounds: None

Revision:

1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1271

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |

CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1272 (MITRE, NVD)

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1272

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |

CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability

CVE ID: CVE-2019-1273 (MITRE, NVD)

CVE Title: Active Directory Federation Services XSS Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

Description:

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1273

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2019-1274 (MITRE, NVD)

CVE Title: Windows Kernel Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0, 09/10/2019 07:00:00. Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1274

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |

Windows

Server 2008

for 32-bit

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important Information

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

Yes

Page 524: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1274

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

4516026

Monthly

Rollup

4516051

Security

Only

Important Information

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

Yes

Windows

Server 2008

for x64-

based

Systems

Service

Pack 2

(Server

Core

installation)

4516026

Monthly

Rollup

4516051

Security

Only

Important Information

Disclosure 4512476

Base: 6.3

Temporal: 5.7

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

Yes


CVE-2019-1277 - Windows Audio Service Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1277 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Audio Service Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability.

To exploit the vulnerability, an attacker could run a specially crafted application locally. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.

The update addresses the vulnerability by correcting how the Windows Audio Service handles these parameters.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1277

Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes


CVE-2019-1278 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1278 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Elevation of Privilege Vulnerability

Description:

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1278

Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes


CVE-2019-1280 - LNK Remote Code Execution Vulnerability

CVE ID: CVE-2019-1280 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: LNK Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK references.

FAQ:

None

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1280

Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes


CVE-2019-1282 - Windows Common Log File System Driver Information Disclosure Vulnerability

CVE ID: CVE-2019-1282 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability

Description:

An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application.

The security update addresses the vulnerability by correcting how CLFS handles sandbox checks.

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Mitigations:

None

Workarounds:

None

Revision:

1.0 09/10/2019 07:00:00

Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1282

Product KB

Article Severity Impact Supersedence CVSS Score Set

Restart

Required

Page 552: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1282

Windows 7

for 32-bit

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important Information

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows 7

for x64-

based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important Information

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows

Server

2008 R2 for

x64-based

Systems

Service

Pack 1

(Server

Core

installation)

4516033

Security

Only

4516065

Monthly

Rollup

Important Information

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Page 553: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1282

Windows

Server

2008 R2 for

Itanium-

Based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important Information

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows

Server

2008 R2 for

x64-based

Systems

Service

Pack 1

4516033

Security

Only

4516065

Monthly

Rollup

Important Information

Disclosure 4512506

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows

Server

2008 for

32-bit

Systems

Service

Pack 2

(Server

4516026

Monthly

Rollup

4516051

Security

Only

Important Information

Disclosure 4512476

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Page 554: 2019 9 11 - blog.nsfocus.net

@绿盟科技 2019 http://www.nsfocus.com

CVE-2019-1282

Core

installation)

Windows

Server

2012

4516055

Monthly

Rollup

4516062

Security

Only

Important Information

Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows

Server

2012

(Server

Core

installation)

4516055

Monthly

Rollup

4516062

Security

Only

Important Information

Disclosure 4512518

Base: 5.5

Temporal: 5

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C

Yes

Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

Windows 8.1 for x64- | 4516064 Security Only | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: | Yes
