Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
@绿盟科技 2019 http://www.nsfocus.com
微软发布 9 月补丁修复 81 个安全问题
安全威胁通告
发布时间:2019 年 9 月 11 日
综述
微软于周二发布了 9 月安全更新补丁,修复了 81 个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、.NET
Framework、Active Directory、Adobe Flash Player、ASP.NET、Common Log File System Driver、Microsoft Browsers、Microsoft
Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft
Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Yammer、Project Rome、Servicing Stack
@绿盟科技 2019 http://www.nsfocus.com
Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Visual Studio、Windows Hyper-V、Windows Kernel
以及 Windows RDP。
相关信息如下:
产品 CVE 编号 CVE 标题 严重程度
.NET Core CVE-2019-1301 .NET Core 拒绝服务漏洞 Important
.NET Framework CVE-2019-1142 .NET Framework 特权提升漏洞 Important
Active Directory CVE-2019-1273 Active Directory Federation
Services XSS Vulnerability Important
Adobe Flash Player ADV190022 September 2019 Adobe Flash
安全更新 Critical
ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of
Privilege Vulnerability Important
@绿盟科技 2019 http://www.nsfocus.com
Common Log File System Driver CVE-2019-1214
Windows Common Log File
System Driver 特权提升漏洞 Important
Common Log File System Driver CVE-2019-1282
Windows Common Log File
System Driver 信息泄露漏洞 Important
Microsoft Browsers CVE-2019-1220 Microsoft Browser 安全功能绕
过漏洞
Important
Microsoft Edge CVE-2019-1299
Microsoft Edge based on Edge
HTML 信息泄露漏洞 Important
Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange 拒绝服务漏
洞
Important
Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange 欺骗漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Graphics Component CVE-2019-1216 DirectX 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1244 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1245 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1251 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1252 Windows GDI 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1283 Microsoft Graphics Components
信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1284 DirectX 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1286 Windows GDI 信息泄露漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1241 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1242 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1243 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1246 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1247 Jet Database Engine 远程代码执
行漏洞
Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft JET Database Engine CVE-2019-1248 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1249 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft JET Database Engine CVE-2019-1250 Jet Database Engine 远程代码执
行漏洞
Important
Microsoft Office CVE-2019-1297 Microsoft Excel 远程代码执行漏
洞
Important
Microsoft Office CVE-2019-1263 Microsoft Excel 信息泄露漏洞 Important
Microsoft Office CVE-2019-1264 Microsoft Office 安全功能绕过
漏洞
Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint 远程代码
执行漏洞
Critical
Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint 欺骗漏洞 Moderate
Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint 特权提升
漏洞
Important
Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint 欺骗漏洞 Important
Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS
Vulnerability Important
Microsoft Office SharePoint CVE-2019-1295 Microsoft SharePoint 远程代码
执行漏洞
Critical
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Office SharePoint CVE-2019-1296 Microsoft SharePoint 远程代码
执行漏洞
Critical
Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine 内存破
坏漏洞
Moderate
Microsoft Scripting Engine CVE-2019-1208 VBScript 远程代码执行漏洞 Critical
Microsoft Scripting Engine CVE-2019-1217 Chakra Scripting Engine 内存破
坏漏洞
Critical
Microsoft Scripting Engine CVE-2019-1221 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1236 VBScript 远程代码执行漏洞 Critical
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Scripting Engine CVE-2019-1237 Chakra Scripting Engine 内存破
坏漏洞
Critical
Microsoft Scripting Engine CVE-2019-1298 Chakra Scripting Engine 内存破
坏漏洞
Moderate
Microsoft Scripting Engine CVE-2019-1300 Chakra Scripting Engine 内存破
坏漏洞
Critical
Microsoft Windows CVE-2019-1215 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1219 Windows Transaction Manager
信息泄露漏洞 Important
Microsoft Windows CVE-2019-1267
Microsoft Compatibility
Appraiser 特权提升漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Windows CVE-2019-1268 Winlogon 特权提升漏洞 Important
Microsoft Windows CVE-2019-1269 Windows ALPC 特权提升漏洞 Important
Microsoft Windows CVE-2019-1270
Microsoft Windows Store
Installer 特权提升漏洞 Important
Microsoft Windows CVE-2019-1271 Windows Media 特权提升漏洞 Important
Microsoft Windows CVE-2019-1272 Windows ALPC 特权提升漏洞 Important
Microsoft Windows CVE-2019-1235
Windows Text Service
Framework 特权提升漏洞 Important
Microsoft Windows CVE-2019-1253 Windows 特权提升漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Windows CVE-2019-1277 Windows Audio Service 特权提
升漏洞
Important
Microsoft Windows CVE-2019-1278 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1280 LNK 远程代码执行漏洞 Critical
Microsoft Windows CVE-2019-1287
Windows Network Connectivity
Assistant 特权提升漏洞 Important
Microsoft Windows CVE-2019-1289
Windows Update Delivery
Optimization 特权提升漏洞 Important
Microsoft Windows CVE-2019-1292 Windows 拒绝服务漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Microsoft Windows CVE-2019-1294 Windows Secure Boot 安全功能
绕过漏洞
Important
Microsoft Windows CVE-2019-1303 Windows 特权提升漏洞 Important
Microsoft Yammer CVE-2019-1265 Microsoft Yammer 安全功能绕
过漏洞
Important
Project Rome CVE-2019-1231 Rome SDK 信息泄露漏洞 Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 信息泄露漏洞 Important
Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-
site Scripting Vulnerability Important
@绿盟科技 2019 http://www.nsfocus.com
Team Foundation Server CVE-2019-1306
Azure DevOps and Team
Foundation Server 远程代码执
行漏洞
Critical
Visual Studio CVE-2019-1232
Diagnostics Hub Standard
Collector Service 特权提升漏洞 Important
Windows Hyper-V CVE-2019-0928 Windows Hyper-V 拒绝服务漏
洞
Important
Windows Hyper-V CVE-2019-1254 Windows Hyper-V 信息泄露漏
洞
Important
Windows Kernel CVE-2019-1274 Windows Kernel 信息泄露漏洞 Important
Windows Kernel CVE-2019-1256 Win32k 特权提升漏洞 Important
@绿盟科技 2019 http://www.nsfocus.com
Windows Kernel CVE-2019-1285 Win32k 特权提升漏洞 Important
Windows Kernel CVE-2019-1293 Windows SMB Client Driver 信
息泄露漏洞
Important
Windows RDP CVE-2019-0787 Remote Desktop Client 远程代
码执行漏洞
Critical
Windows RDP CVE-2019-0788 Remote Desktop Client 远程代
码执行漏洞
Critical
Windows RDP CVE-2019-1290 Remote Desktop Client 远程代
码执行漏洞
Critical
Windows RDP CVE-2019-1291 Remote Desktop Client 远程代
码执行漏洞
Critical
@绿盟科技 2019 http://www.nsfocus.com
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
@绿盟科技 2019 http://www.nsfocus.com
附件
ADV190022 - September 2019 Adobe Flash Security Update
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
ADV19002
2
MITRE
NVD
CVE Title: September 2019 Adobe Flash Security Update
Description:
This security update addresses the following vulnerability, which is described in Adobe Security
Bulletin APSB19-46: CVE-2019-8069 and CVE-2019-8070.
.
FAQ:
How could an attacker exploit these vulnerabilities? In a web-based attack scenario where
the user is using Internet Explorer for the desktop, an attacker could host a specially crafted
website that is designed to exploit any of these vulnerabilities through Internet Explorer and
then convince a user to view the website. An attacker could also embed an ActiveX control
marked "safe for initialization" in an application or Microsoft Office document that hosts the IE
Critical
Remote
Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
rendering engine. The attacker could also take advantage of compromised websites and
websites that accept or host user-provided content or advertisements. These websites could
contain specially crafted content that could exploit any of these vulnerabilities. In all cases,
however, an attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by clicking a link in
an email message or in an Instant Messenger message that takes users to the attacker's
website, or by opening an attachment sent through email.
In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-
style UI, an attacker would first need to compromise a website already listed in the
Compatibility View (CV) list. An attacker could then host a website that contains specially
crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer
and then convince a user to view the website. An attacker would have no way to force users to
view the attacker-controlled content. Instead, an attacker would have to convince users to take
action, typically by clicking a link in an email message or in an Instant Messenger message that
takes users to the attacker's website, or by opening an attachment sent through email. For
more information about Internet Explorer and the CV List, please see the MSDN Article,
Developer Guidance for websites with content for Adobe Flash Player in Windows 8.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
Mitigations:
Workarounds:
Workaround refers to a setting or configuration change that would help block known attack
vectors before you apply the update.
Prevent Adobe Flash Player from running You can disable attempts to instantiate Adobe
Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as
Office 2007 and Office 2010, by setting the kill bit for the control in the registry.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk. To set the kill bit for the control in the registry, perform the following steps:
1. Paste the following into a text file and save it with the .reg file extension.
2. Windows Registry Editor Version 5.00
3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
4. "Compatibility Flags"=dword:00000400
5.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
6. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX
Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
7. "Compatibility Flags"=dword:00000400
8. Double-click the .reg file to apply it to an individual system.
You can also apply this workaround across domains by using Group Policy. For more
information about Group Policy, see the TechNet article, Group Policy collection.
Note You must restart Internet Explorer for your changes to take effect. Impact of
workaround. There is no impact as long as the object is not intended to be used in Internet
Explorer. How to undo the workaround. Delete the registry keys that were added in
implementing this workaround. Prevent Adobe Flash Player from running in Internet
Explorer through Group Policy Note The Group Policy MMC snap-in can be used to set
policy for a machine, for an organizational unit, or for an entire domain. For more information
about Group Policy, visit the following Microsoft Web sites:
Group Policy Overview What is Group Policy Object Editor? Core Group Policy tools and
settings
To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following
steps: Note This workaround does not prevent Flash from being invoked from other
applications, such as Microsoft Office 2007 or Microsoft Office 2010.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
1. Open the Group Policy Management Console and configure the console to work with
the appropriate Group Policy object, such as local machine, OU, or domain GPO.
2. Navigate to the following node: Administrative Templates -> Windows Components
-> Internet Explorer -> Security Features -> Add-on Management
3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications
from using Internet Explorer technology to instantiate Flash objects.
4. Change the setting to Enabled.
5. Click Apply and then click OK to return to the Group Policy Management Console.
6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh
interval for the settings to take effect. Prevent Adobe Flash Player from running in
Office 2010 on affected systems Note This workaround does not prevent Adobe Flash
Player from running in Internet Explorer. Warning If you use Registry Editor incorrectly,
you may cause serious problems that may require you to reinstall your operating
system. Microsoft cannot guarantee that you can solve problems that result from using
Registry Editor incorrectly. Use Registry Editor at your own risk. For detailed steps that
you can use to prevent a control from running in Internet Explorer, see Microsoft
Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility
Flags value in the registry to prevent a COM object from being instantiated in Internet
Explorer.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for
Adobe Flash Player in the registry using the following steps:
1. Create a text file named Disable_Flash.reg with the following contents:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27C
DB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
2. Double-click the .reg file to apply it to an individual system.
3. Note You must restart Internet Explorer for your changes to take effect. You can also
apply this workaround across domains by using Group Policy. For more information
about Group Policy, see the TechNet article, Group Policy collection. Prevent ActiveX
controls from running in Office 2007 and Office 2010
To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including
Adobe Flash Player in Internet Explorer, perform the following steps:
1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without
notifications.
3. Click OK to save your settings. Impact of workaround. Office documents that use
embedded ActiveX controls may not display as intended. How to undo the
workaround.
To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the
following steps:
1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls
without notifications.
3. Click OK to save your settings. Set Internet and Local intranet security zone settings
to "High" to block ActiveX Controls and Active Scripting in these zones You can
help protect against exploitation of these vulnerabilities by changing your settings for
the Internet security zone to block ActiveX controls and Active Scripting. You can do this
by setting your browser security to High.
To raise the browsing security level in Internet Explorer, perform the following steps:
1. On the Internet Explorer Tools menu, click** Internet Option**s.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
2. In the Internet Options dialog box, click the Security tab, and then click Internet.
3. Under Security level for this zone, move the slider to High. This sets the security level
for all websites you visit to High.
4. Click Local intranet.
5. Under Security level for this zone, move the slider to High. This sets the security level
for all websites you visit to High.
6. Click OK to accept the changes and return to Internet Explorer. Note If no slider is
visible, click Default Level, and then move the slider to High. Note Setting the level to
High may cause some websites to work incorrectly. If you have difficulty using a website
after you change this setting, and you are sure the site is safe to use, you can add that
site to your list of trusted sites. This will allow the site to work correctly even with the
security setting set to High. Impact of workaround. There are side effects to blocking
ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use
ActiveX or Active Scripting to provide additional functionality. For example, an online e-
commerce site or banking site may use ActiveX Controls to provide menus, ordering
forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a
global setting that affects all Internet and intranet sites. If you do not want to block
ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites
that you trust to the Internet Explorer Trusted sites zone". Configure Internet Explorer
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
to prompt before running Active Scripting or to disable Active Scripting in the
Internet and Local intranet security zone
You can help protect against exploitation of these vulnerabilities by changing your settings to
prompt before running Active Scripting or to disable Active Scripting in the Internet and Local
intranet security zone. To do this, perform the following steps:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or
Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or
Disable, and then click OK.
7. Click OK to return to Internet Explorer, and then click OK again. Note Disabling Active
Scripting in the Internet and Local intranet security zones may cause some websites to
work incorrectly. If you have difficulty using a website after you change this setting, and
you are sure the site is safe to use, you can add that site to your list of trusted sites. This
will allow the site to work correctly. Impact of workaround. There are side effects to
prompting before running Active Scripting. Many websites that are on the Internet or
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
on an intranet use Active Scripting to provide additional functionality. For example, an
online e-commerce site or banking site may use Active Scripting to provide menus,
ordering forms, or even account statements. Prompting before running Active Scripting
is a global setting that affects all Internet and intranet sites. You will be prompted
frequently when you enable this workaround. For each prompt, if you feel you trust the
site that you are visiting, click Yes to run Active Scripting. If you do not want to be
prompted for all these sites, use the steps outlined in "Add sites that you trust to the
Internet Explorer Trusted sites zone". Add sites that you trust to the Internet Explorer
Trusted sites zone After you set Internet Explorer to require a prompt before it runs
ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone,
you can add sites that you trust to the Internet Explorer Trusted sites zone. This will
allow you to continue to use trusted websites exactly as you do today, while helping to
protect you from this attack on untrusted sites. We recommend that you add only sites
that you trust to the Trusted sites zone.
To do this, perform the following steps:
1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
2. In the Select a web content zone to specify its current security settings box, click
Trusted Sites, and then click Sites.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximu
m
Severity
Rating
Vulnerabilit
y Impact
3. If you want to add sites that do not require an encrypted channel, click to clear the
Require server verification (https:) for all sites in this zone check box.
4. In the Add this website to the zone box, type the URL of a site that you trust, and then
click Add.
5. Repeat these steps for each site that you want to add to the zone.
6. Click OK two times to accept the changes and return to Internet Explorer. Note Add any
sites that you trust not to take malicious action on your system. Two sites in particular
that you may want to add are *.windowsupdate.microsoft.com and
*.update.microsoft.com. These are the sites that will host the update, and they require
an ActiveX control to install the update.
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
ADV190022
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Adobe Flash Player on Windows Server
2012
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for
32-bit systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for
x64-based systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server
2012 R2
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows RT 8.1 4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV190022
Adobe Flash Player on Windows 10 for
32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for
x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server
2016
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1607 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1607 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1703 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV190022
N/A
Vector: N/A
Adobe Flash Player on Windows 10
Version 1703 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1709 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1709 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1803 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1803 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV190022
Adobe Flash Player on Windows 10
Version 1803 for ARM64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1809 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1809 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1809 for ARM64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server
2019
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1709 for ARM64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV190022
N/A
Vector: N/A
Adobe Flash Player on Windows 10
Version 1903 for 32-bit Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1903 for x64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10
Version 1903 for ARM64-based Systems
4516115
Security Update Critical
Remote Code
Execution 4503308
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001 - Latest Servicing Stack Updates
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
ADV990001
MITRE
NVD
CVE Title: Latest Servicing Stack Updates
Description:
This is a list of the latest servicing stack updates for each operating system. This list will
be updated whenever a new servicing stack update is released. It is important to install
the latest servicing stack update.
FAQ:
1. Why are all of the Servicing Stack Updates (SSU) critical updates?
The SSUs are classified as Critical updates. This does not indicate that there is a critical
vulnerability being addressed in the update.
2. When was the most recent SSU released for each version of Microsoft
Windows?
Please refer to the following table for the most recent SSU release. We will update the
entries any time a new SSU is released:
Critical Defense in
Depth
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Product SSU Package Date Released
Windows Server 2008 4517134 September 2019
Windows 7/Server 2008 R2 4516655 September 2019
Windows Server 2012 4512939 September 2019
Windows 8.1/Server 2012 R2 4512938 September 2019
Windows 10 4512573 September 2019
Windows 10 Version 1607/Server 2016 4512574 September 2019
Windows 10 Version 1703 4511839 September 2019
Windows 10 1709 4512575 September 2019
Windows 10 1803/Windows Server, version 1803 4512576 September 2019
Windows 10 1809/Server 2019 4512577 September 2019
Windows 10 1903/Windows Server, version 1903 4515383 September 2019
Mitigations:
None
Workarounds:
None
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
9.0 06/11/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1607, Windows
Server 2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section
for more information.
10.0 06/14/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and
Windows Server, version 1903 (Server Core installation). See the FAQ section for more
information.
12.0 07/24/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and
Windows Server 2019. See the FAQ section for more information.
8.0 05/14/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10
version 1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version
1709, Windows Server, version 1709, Windows 10 version 1803, Windows Server,
version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version
1809 and Windows Server, version 1809. See the FAQ section for more information.
1.2 12/03/2018 08:00:00
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQs have been added to further explain Security Stack Updates. The FAQs include a
table that indicates the most recent SSU release for each Windows version. This is an
informational change only.
3.2 12/12/2018 08:00:00
Fixed a typo in the FAQ.
7.0 04/09/2019 07:00:00
A Servicing Stack Update has been released for Windows Server 2008 and Windows
Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019,
and Windows Server 2019 (Server Core installation). See the FAQ section for more
information.
3.1 12/11/2018 08:00:00
Updated supersedence information. This is an informational change only.
6.0 03/12/2019 07:00:00
A Servicing Stack Update has been released for Windows 7 and Windows Server 2008
R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for
more information.
1.1 11/14/2018 08:00:00
Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an
informational change only.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
1.0 11/13/2018 08:00:00
Information published.
13.0 07/26/2019 07:00:00
A Servicing Stack Update has been released for Windows 10 version 1903 and
Windows Server, version 1903 (Server Core installation). See the FAQ section for more
information.
4.0 01/08/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1703. See the
FAQ section for more information.
5.1 02/13/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows
10 Version 1809 for x64-based Systems to 4470788. This is an informational change
only.
14.0 09/10/2019 07:00:00
A Servicing Stack Update has been released for all supported versions of Windows. See
the FAQ section for more information.
3.0 12/11/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1709, Windows
Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Windows Server, version 1803 (Server Core Installation). See the FAQ section for more
information.
5.0 02/12/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1607, Windows
Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version
1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core
Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server
Core Installation). See the FAQ section for more information.
2.0 12/05/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and
Windows Server 2019. See the FAQ section for more information.
11.0 07/09/2019 07:00:00
A Servicing Stack Update has been released for all supported versions of Windows 10
(including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2
and Windows Server 2012. See the FAQ section for more information.
5.2 02/14/2019 08:00:00
In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows
10 Version 1803 for x64-based Systems to 4485449. This is an informational change
only.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
ADV990001
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Windows 7 for 32-bit Systems Service Pack 1 4516655 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 7 for x64-based Systems Service
Pack 1
4516655 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based
Systems Service Pack 1 (Server Core
installation)
4516655 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for Itanium-Based
Systems Service Pack 1
4516655 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
Windows Server 2008 R2 for x64-based
Systems Service Pack 1
4516655 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems
Service Pack 2 (Server Core installation)
4517134 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 4512939 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 (Server Core
installation)
4512939 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for 32-bit systems 4512938 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for x64-based systems 4512938 Servicing
Stack Update Critical
Defense in
Depth Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows Server 2012 R2 4512938 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 R2 (Server Core
installation)
4512938 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 for 32-bit Systems 4512573 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 for x64-based Systems 4512573 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2016 4512574 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
Windows 10 Version 1607 for 32-bit Systems 4512574 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1607 for x64-based
Systems
4512574 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2016 (Server Core
installation)
4512574 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1703 for 32-bit Systems 4511839 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1703 for x64-based
Systems
4511839 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for 32-bit Systems 4512575 Servicing
Stack Update Critical
Defense in
Depth Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows 10 Version 1709 for x64-based
Systems
4512575 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for 32-bit Systems 4512576 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based
Systems
4512576 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server, version 1803 (Server Core
Installation)
4512576 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for ARM64-based
Systems
4512576 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
Windows 10 Version 1809 for 32-bit Systems 4512577 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for x64-based
Systems
4512577 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for ARM64-based
Systems
4512577 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2019 4512577 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2019 (Server Core
installation)
4512577 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for ARM64-based
Systems
4512575 Servicing
Stack Update Critical
Defense in
Depth Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
N/A
Vector: N/A
Windows 10 Version 1903 for 32-bit Systems 4515383 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1903 for x64-based
Systems
4515383 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1903 for ARM64-based
Systems
4515383 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server, version 1903 (Server Core
installation)
4515383 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for Itanium-Based
Systems Service Pack 2
4517134 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
ADV990001
Windows Server 2008 for 32-bit Systems
Service Pack 2
4517134 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2
4517134 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2 (Server Core installation)
4517134 Servicing
Stack Update Critical
Defense in
Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787 - Remote Desktop Client Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0787
MITRE
NVD
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully exploited this
vulnerability could execute arbitrary code on the computer of the connecting client. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then
convince a user to connect to it. An attacker would have no way of forcing a user to
connect to the malicious server, they would need to trick the user into connecting via
social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An
attacker could also compromise a legitimate server, host malicious code on it, and wait
for the user to connect.
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting how the Windows Remote
Desktop Client handles connection requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
7 for 32-
bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
7 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for
4516064
Security
Only
Critical
Remote
Code
Execution
4512488 Base: 7.5
Temporal: 6.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
x64-based
systems
4516067
Monthly
Rollup
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for
x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
4516044
Security
Update
Critical
Remote
Code
Execution
4512517 Base: 7.5
Temporal: 6.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
x64-based
Systems
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0787
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-0788 - Remote Desktop Client Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description: Critical
Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
0788
MITRE
NVD
A remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully exploited this
vulnerability could execute arbitrary code on the computer of the connecting client. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then
convince a user to connect to it. An attacker would have no way of forcing a user to
connect to the malicious server, they would need to trick the user into connecting via
social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An
attacker could also compromise a legitimate server, host malicious code on it, and wait
for the user to connect.
The update addresses the vulnerability by correcting how the Windows Remote
Desktop Client handles connection requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0788
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
8.1 for 32-
bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
8.1 for
x64-based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for
x64-based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
4516066
Security
Update
Critical
Remote
Code
Execution
4512516 Base: 7.5
Temporal: 6.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0788
x64-based
Systems
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0788
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0928
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to
properly validate input from a privileged user on a guest operating system. To exploit
Important Denial of
Service
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
the vulnerability, an attacker who already has a privileged account on a guest operating
system, running as a virtual machine, could run a specially crafted application that
causes a host machine to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest
operating system, running as a virtual machine, could run a specially crafted application.
The security update addresses the vulnerability by resolving a number of conditions
where Hyper-V would fail to prevent a guest operating system from sending malicious
requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0928
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Denial
of
Service
4512497
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Denial
of
Service
4512517
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Denial
of
Service
4512517
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Denial
of
Service
4512517 Base: 5.4
Temporal: 4.9 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-0928
(Server Core
installation)
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Denial
of
Service
4512507
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Denial
of
Service
4512516
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Denial
of
Service
4512501
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803 (Server
Core
Installation)
4516058
Security
Update
Important
Denial
of
Service
4512501
Base: 5.4
Temporal: 4.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1138
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory
in such a way that an attacker could execute arbitrary code in the context of the current
user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user
to view the website. The attacker could also take advantage of compromised websites
and websites that accept or host user-provided content or advertisements. These
websites could contain specially crafted content that could exploit the vulnerability.
Moderate Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by modifying how the Chakra scripting
engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1607 for
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
Windows 10
Version
1709 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
Windows 10
Version
1809 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
1903 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1138
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1142
MITRE
NVD
CVE Title: .NET Framework Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the .NET Framework common
language runtime (CLR) allows file creation in arbitrary locations. An attacker who
successfully exploited this vulnerability could write files to folders that require higher
privileges than what the attacker already has.
To exploit the vulnerability, an attacker would need to log into a system. The attacker
could then specify the targeted folder and trigger an affected process to run.
The update addresses the vulnerability correcting how the .NET Framework CLR process
logs data.
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
There are two updates for .NET Framework 3.5 installed on Windows 10 version
1809 and Windows Server 2019. How do I know which update I need to install?
The security updates for Windows 10 version 1809 and Windows Server 2019 include
both .NET Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of
Windows 10 need to determine if they are also running .NET Framework 4.7.2 or .NET
Framework 4.8. Install the security update that includes that second version of .NET
Framework.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1142
Product KB Article Severity Impact Supersedence CVSS
Score Set
Restart
Required
Microsoft .NET Framework 4.5.2 on Windows Server
2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2012 (Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for
32-bit systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 4.5.2 on Windows 8.1 for
x64-based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2012 R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2012 R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012
4514598
Security Only
4514603
Monthly
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 (Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for
32-bit systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for
x64-based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
4514604
Monthly Important
Elevation of
Privilege Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Rollup N/A
Vector: N/A
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2012 (Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for
32-bit systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 4.8 on Windows 8.1 for
x64-based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2012 R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows RT 8.1
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2012 R2 (Server Core installation)
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2016
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 4.8 on Windows 10
Version 1607 for 32-bit Systems
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1607 for x64-based Systems
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server
2016 (Server Core installation)
4514354
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1703 for 32-bit Systems
4514355
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1703 for x64-based Systems
4514355
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1709 for 32-bit Systems
4514356
Security
Update
Important Elevation of
Privilege Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
N/A
Vector: N/A
Microsoft .NET Framework 4.8 on Windows 10
Version 1709 for x64-based Systems
4514356
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1803 for 32-bit Systems
4514357
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows 10
Version 1803 for x64-based Systems
4514357
Security
Update
Important Elevation of
Privilege
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.8 on Windows Server,
version 1803 (Server Core Installation)
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 AND 4.8 on Windows
10 Version 1809 for 32-bit Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 3.5 AND 4.8 on Windows
10 Version 1809 for x64-based Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server 2019
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server 2019 (Server Core installation)
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
10 Version 1903 for 32-bit Systems
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
10 Version 1903 for x64-based Systems
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows
Server, version 1903 (Server Core installation)
4514359
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
N/A
Vector: N/A
Microsoft .NET Framework 3.5 AND 4.7.2 on
Windows 10 Version 1809 for 32-bit Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on
Windows 10 Version 1809 for x64-based Systems
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on
Windows Server 2019
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on
Windows Server 2019 (Server Core installation)
4514601
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 3.5 on Windows Server
2012 (Server Core installation)
4514598
Security Only
4514603
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for
32-bit systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for
x64-based systems
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012 R2
4514599
Security Only
4514604
Monthly
Rollup
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012 R2 (Server Core installation)
4514599
Security Only
4514604
Important Elevation of
Privilege 4512501
Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Monthly
Rollup
N/A
Vector: N/A
Microsoft .NET Framework 3.5 on Windows 10 for
32-bit Systems
4516070
Security
Update
Important Elevation of
Privilege 4512497
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for
x64-based Systems
4516070
Security
Update
Important Elevation of
Privilege 4512497
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server
2016
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1607 for 32-bit Systems
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1607 for x64-based Systems
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
Microsoft .NET Framework 3.5 on Windows Server
2016 (Server Core installation)
4516044
Security
Update
Important Elevation of
Privilege 4512517
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1703 for 32-bit Systems
4516068
Security
Update
Important Elevation of
Privilege 4512507
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1703 for x64-based Systems
4516068
Security
Update
Important Elevation of
Privilege 4512507
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1709 for 32-bit Systems
4516066
Security
Update
Important Elevation of
Privilege 4512516
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1709 for x64-based Systems
4516066
Security
Update
Important Elevation of
Privilege 4512516
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1803 for 32-bit Systems
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal: Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1142
N/A
Vector: N/A
Microsoft .NET Framework 3.5 on Windows 10
Version 1803 for x64-based Systems
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server,
version 1803 (Server Core Installation)
4516058
Security
Update
Important Elevation of
Privilege 4512501
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
CVE-2019-1208 - VBScript Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1208
MITRE
NVD
CVE Title: VBScript Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way that
an attacker could execute arbitrary code in the context of the current user. An attacker
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
who successfully exploited the vulnerability could gain the same user rights as the
current user. If the current user is logged on with administrative user rights, an attacker
who successfully exploited the vulnerability could take control of an affected system. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Internet Explorer and then convince a user
to view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the IE rendering
engine. The attacker could also take advantage of compromised websites and websites
that accept or host user-provided content or advertisements. These websites could
contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1208
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer
9 on
Windows
Server
2008 for
32-bit
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Systems
Service
Pack 2
Internet
Explorer
9 on
Windows
Server
2008 for
x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
7 for
x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
Server
2012
4516046 IE
Cumulative Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
32-bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
x64-
based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
Server
2012 R2
4516067
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
32-bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
x64-
based
Systems
Internet
Explorer
11 on
Windows
Server
2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Version
1607 for
x64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1703 for
x64-
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1709 for
x64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Internet
Explorer
11 on
Windows
10
Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1803 for
x64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
10
Version
1803 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1809 for
x64-
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
Version
1709 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1903 for
x64-
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1208
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
10 on
Windows
Server
2012
4516055
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1209
MITRE
NVD
CVE Title: Lync 2013 Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it
could read arbitrary files on the victim's machine. Â To exploit the vulnerability, an
attacker needs to instantiate a conference and modify the meeting link with malicious
content and send the link to a victim.
The update addresses the vulnerability by changing how the URL is being resolved.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is unauthorized file system access - reading from the file system.
Mitigations:
None
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1209
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Lync Server
2013
4515509 Security
Update Important
Information
Disclosure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214 - Windows Common Log File System Driver Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1214
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege
Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Common Log File
System (CLFS) driver improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and
then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how CLFS handles
objects in memory.
FAQ:
None
Mitigations:
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1214
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Rollup
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Service Pack
1
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Rollup
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803 (Server
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Core
Installation)
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903 (Server
Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
4516026
Monthly
Rollup
4516051
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1214
Service Pack
2
Security
Only
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1215
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock)
handles objects in memory. An attacker who successfully exploited the vulnerability
could execute code with elevated privileges.
To exploit the vulnerability, a locally authenticated attacker could run a specially
crafted application.
The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1215
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
4516033
Security
Only
4516065
Monthly
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
4516033
Security
Only
4516065
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Systems
Service Pack
1
Monthly
Rollup
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803 (Server
Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
4516058
Security
Update
Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
ARM64-
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
based
Systems
Windows
Server,
version
1903 (Server
Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1215
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216 - DirectX Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1216
MITRE
NVD
CVE Title: DirectX Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectX improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could
obtain information to further compromise the user’s system.
An authenticated attacker could exploit this vulnerability by running a specially
crafted application.
The update addresses the vulnerability by correcting how DirectX handles objects in
memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is the contents of Kernel memory. An attacker could read the
contents of Kernel memory from a user mode process.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1216
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216
Rollup
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2008 R2 for
Itanium-
Based
Systems
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216
Service
Pack 1
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2012 R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216
Windows
Server
2012 R2
(Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1216
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
Server
2016
(Server
Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5.1
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1217
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory
in such a way that an attacker could execute arbitrary code in the context of the current
user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user
to view the website. The attacker could also take advantage of compromised websites
and websites that accept or host user-provided content or advertisements. These
websites could contain specially crafted content that could exploit the vulnerability.
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by modifying how the Chakra scripting
engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217
Windows 10
Version
1803 for
ARM64-
based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217
1903 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1217
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
CVE-2019-1219 - Windows Transaction Manager Information Disclosure
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1219
MITRE
NVD
CVE Title: Windows Transaction Manager Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows Transaction Manager
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could potentially read data that was not intended to be disclosed.
To exploit the vulnerability, an attacker would first have to log on to the system, and
then run a specially crafted application.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by correcting how the Transaction
Manager handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1219
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
4516033
Security
Only
4516065
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
Systems
Service
Pack 1
(Server
Core
installation)
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2008 R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
4516026
Monthly Important
Information
Disclosure 4512476
Base: 5.5
Temporal: 5 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
2008 for
32-bit
Systems
Service
Pack 2
(Server
Core
installation)
Rollup
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
4516067
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
4516064
Security
Only
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
(Server
Core
installation)
4516067
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
(Server
Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
4516066
Security Important
Information
Disclosure 4512516
Base: 5.5
Temporal: 5 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
1709 for
32-bit
Systems
Update Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1803
(Server
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
Core
Installation
)
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
ARM64-
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
based
Systems
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
32-bit
Systems
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
4516026
Monthly
Rollup
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
Itanium-
Based
Systems
Service
Pack 2
4516051
Security
Only
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
4516026
Monthly
Rollup
4516051
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1219
Systems
Service
Pack 2
(Server
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
CVE-2019-1220 - Microsoft Browser Security Feature Bypass
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1220
MITRE
NVD
CVE Title: Microsoft Browser Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate
the correct Security Zone of requests for specific URLs. This could allow an attacker to
cause a user to access a URL in a less restricted Internet Security Zone than intended.
Important Security Feature
Bypass
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
To exploit this vulnerability, an attacker could email or otherwise provide a specially
crafted URL to a victim and convince them to click on it.
The security update addresses the vulnerability by correcting security feature behavior
to properly map affected URLs to the correct Security Zone.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Product KB Article Severity Impact Supersedenc
e CVSS Score Set
Restart
Require
d
Internet
Explorer 9
on Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516046 IE
Cumulativ
e
Low
Securit
y
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 9
on Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516046 IE
Cumulativ
e
Low
Securit
y
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
4516065
Monthly
Rollup
Importan
t
Securit
y 4511872
Base: 4.3
Temporal: 3.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
7 for 32-bit
Systems
Service Pack
1
4516046 IE
Cumulativ
e
Feature
Bypass
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Internet
Explorer 11
on Windows
7 for x64-
based
Systems
Service Pack
1
4516065
Monthly
Rollup
4516046 IE
Cumulativ
e
Importan
t
Securit
y
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516065
Monthly
Rollup
4516046 IE
Cumulativ
e
Low
Securit
y
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
4516046 IE
CumulativLow
Securit
y 4511872
Base: 2.4
Temporal: 2.2 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
on Windows
Server 2012
e Feature
Bypass
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Internet
Explorer 11
on Windows
8.1 for 32-
bit systems
4516067
Monthly
Rollup
4516046 IE
Cumulativ
e
Importan
t
Securit
y
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
8.1 for x64-
based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulativ
e
Importan
t
Securit
y
Feature
Bypass
4511872
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
Server 2012
R2
4516067
Monthly
Rollup
4516046 IE
Cumulativ
e
Low
Securit
y
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
4516067
Monthly
Rollup
Importan
t
Securit
y 4512488
Base: 4.3
Temporal: 3.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
on Windows
RT 8.1
Feature
Bypass
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Internet
Explorer 11
on Windows
10 for 32-
bit Systems
4516070
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 for x64-
based
Systems
4516070
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
Server 2016
4516044
Security
Update
Low
Securit
y
Feature
Bypass
4512517
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1607 for 32-
bit Systems
4516044
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1703 for 32-
bit Systems
4516068
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
4516066
Security
Update
Importan
t
Securit
y 4512516
Base: 4.3
Temporal: 3.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
10 Version
1709 for 32-
bit Systems
Feature
Bypass
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Internet
Explorer 11
on Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1803 for 32-
bit Systems
4516058
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Internet
Explorer 11
on Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1809 for 32-
bit Systems
4512578
Security
Update
Importan
t
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Importan
t
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
4512578
Security
Importan
t
Securit
y 4511553
Base: 4.3
Temporal: 3.9 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
on Windows
10 Version
1809 for
ARM64-
based
Systems
Update Feature
Bypass
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Internet
Explorer 11
on Windows
Server 2019
4512578
Security
Update
Low
Securit
y
Feature
Bypass
4511553
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet
Explorer 11
on Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
1903 for 32-
bit Systems
Internet
Explorer 11
on Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 11
on Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:
C
Yes
Internet
Explorer 10
on Windows
Server 2012
4516055
Monthly
Rollup
4516046 IE
Cumulativ
e
Low
Securit
y
Feature
Bypass
4511872
Base: 2.4
Temporal: 2.2
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
for 32-bit
Systems
4516070
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
for x64-
based
Systems
4516070
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512497
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Low
Securit
y
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
4516044
Security
Importan
t
Securit
y 4512517
Base: 4.3
Temporal: 3.9 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
(EdgeHTML-
based) on
Windows 10
Version
1607 for 32-
bit Systems
Update Feature
Bypass
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512517
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512507
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
4516066
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
1709 for
x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512501
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
4516058
Security
Update
Importan
t
Securit
y 4512501
Base: 4.3
Temporal: 3.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
based) on
Windows 10
Version
1803 for
ARM64-
based
Systems
Feature
Bypass
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Importan
t
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
4512578
Security
Update
Importan
t
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Importan
t
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Low
Securit
y
Feature
Bypass
4511553
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
4516066
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512516
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Version
1709 for
ARM64-
based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1220
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Importan
t
Securit
y
Feature
Bypass
4512508
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:
C
Yes
CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1221
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt memory
in such a way that an attacker could execute arbitrary code in the context of the current
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Internet Explorer and then convince a user
to view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the IE rendering
engine. The attacker could also take advantage of compromised websites and websites
that accept or host user-provided content or advertisements. These websites could
contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1221
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Service
Pack 1
Internet
Explorer
11 on
Windows
7 for
x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
Server
2012
4516046 IE
Cumulative Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
32-bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
x64-
based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
Server
2012 R2
4516067
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
32-bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
x64-
based
Systems
Internet
Explorer
11 on
Windows
Server
2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Version
1607 for
x64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1703 for
x64-
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1709 for
x64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Internet
Explorer
11 on
Windows
10
Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1803 for
x64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
10
Version
1803 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1809 for
x64-
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
Version
1709 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1903 for
x64-
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1221
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1231
CVE Title: Rome SDK Information Disclosure Vulnerability
Description: Important
Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
An information disclosure vulnerability exists in the way Rome SDK handles server
SSL/TLS certificate validation. This vulnerability allows an unauthenticated attacker to
establish connection with an invalid SSL/TLS server certificate.
To exploit this, an attacker would have to Man-In-The-Middle to intercept an
established connection.
This security update addresses the issue by handling server SSL/TLS certificate
validation correctly.
FAQ:
What versions of the Project Rome SDK are affected by this vulnerability?
Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not
have the vulnerability.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1231
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Rome SDK
1.4.1
Release Notes Security
Update Important
Information
Disclosure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation
of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1232
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege
Vulnerability
Description:
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard
Collector Service improperly impersonates certain file operations. An attacker who
successfully exploited this vulnerability could gain elevated privileges.
An attacker with unprivileged access to a vulnerable system could exploit this
vulnerability.
The security update addresses the vulnerability by ensuring the Diagnostics Hub
Standard Collector Service properly impersonates file operations.
FAQ:
None
Mitigations:
None
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1232
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Visual
Studio 2015
Update 3
4513696
Security
Update
Important
Elevation
of
Privilege
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
based
Systems
Microsoft
Visual
Studio 2017
version 15.9
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512516
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1232
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Visual
Studio 2017
version 15.0
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Visual
Studio 2019
version 16.0
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Visual
Studio 2019
version 16.2
Release
Notes
Security
Update
Important
Elevation
of
Privilege
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1233
MITRE
NVD
CVE Title: Microsoft Exchange Denial of Service Vulnerability
Description:
A denial of service vulnerability exists in Microsoft Exchange Server software when the
software fails to properly handle objects in memory. An attacker who successfully
exploited the vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a
vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange
Server handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Important Denial of
Service
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1233
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2016
Cumulative Update 12
4515832 Security
Update Important
Denial of
Service 4509409
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019
Cumulative Update 1
4515832 Security
Update Important
Denial of
Service 4509408
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1233
Microsoft Exchange Server 2019
Cumulative Update 2
4515832 Security
Update Important
Denial of
Service 4509408
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016
Cumulative Update 13
4515832 Security
Update Important
Denial of
Service 4509409
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-1235 - Windows Text Service Framework Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1235
MITRE
NVD
CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF)
when the TSF server process does not validate the source of input or commands it
receives. An attacker who successfully exploited this vulnerability could inject commands
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
or read input sent through a malicious Input Method Editor (IME). This only affects
systems that have installed an IME.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the vulnerability
and take control of an affected system.
The security update addresses this vulnerability by correcting how the TSF server and
client validate input from each other.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1235
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
4516033
Security
Only
4516065
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Systems
Service Pack
1 (Server
Core
installation)
Monthly
Rollup
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
4516026
Monthly
Rollup
Important
Elevation
of
Privilege
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Systems
Service Pack
2 (Server
Core
installation)
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803 (Server
Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Windows
Server,
version
1903 (Server
Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
4516026
Monthly
Rollup
4516051
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1235
Systems
Service Pack
2
Security
Only
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1236 - VBScript Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1236
CVE Title: VBScript Remote Code Execution Vulnerability
Description: Critical
Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way that
an attacker could execute arbitrary code in the context of the current user. An attacker
who successfully exploited the vulnerability could gain the same user rights as the
current user. If the current user is logged on with administrative user rights, an attacker
who successfully exploited the vulnerability could take control of an affected system. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Internet Explorer and then convince a user
to view the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the IE rendering
engine. The attacker could also take advantage of compromised websites and websites
that accept or host user-provided content or advertisements. These websites could
contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine
handles objects in memory.
FAQ:
None
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1236
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Internet
Explorer
9 on
Windows
4516026
Monthly
Rollup
4516046 IE
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Server
2008 for
32-bit
Systems
Service
Pack 2
Cumulative
Internet
Explorer
9 on
Windows
Server
2008 for
x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
7 for 32-
bit
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Systems
Service
Pack 1
Internet
Explorer
11 on
Windows
7 for
x64-
based
Systems
Service
Pack 1
4516065
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
4516065
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Service
Pack 1
Internet
Explorer
11 on
Windows
Server
2012
4516046 IE
Cumulative Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
32-bit
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
x64-
based
systems
4516067
Monthly
Rollup
4516046 IE
Cumulative
Critical
Remote
Code
Execution
4511872
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
Server
2012 R2
4516067
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
RT 8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
32-bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10 for
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
x64-
based
Systems
Internet
Explorer
11 on
Windows
Server
2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1607 for
32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Version
1607 for
x64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1703 for
32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1703 for
x64-
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1709 for
32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1709 for
x64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Internet
Explorer
11 on
Windows
10
Version
1803 for
32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1803 for
x64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
10
Version
1803 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1809 for
x64-
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
Server
2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
Version
1709 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1903 for
x64-
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1236
based
Systems
Internet
Explorer
11 on
Windows
10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet
Explorer
10 on
Windows
Server
2012
4516055
Monthly
Rollup
4516046 IE
Cumulative
Moderate
Remote
Code
Execution
4511872
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1237
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory
in such a way that an attacker could execute arbitrary code in the context of the current
user. An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user
to view the website. The attacker could also take advantage of compromised websites
and websites that accept or host user-provided content or advertisements. These
websites could contain specially crafted content that could exploit the vulnerability.
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The security update addresses the vulnerability by modifying how the Chakra scripting
engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2016
4516044
Security
Update
Moderate
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1607 for
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
x64-based
Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
Windows 10
Version
1709 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
Windows 10
Version
1809 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
Microsoft
Edge
(EdgeHTML-
based) on
Windows
Server 2019
4512578
Security
Update
Moderate
Remote
Code
Execution
4511553
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
1903 for 32-
bit Systems
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft
Edge
(EdgeHTML-
based) on
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1237
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
CVE-2019-1240 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1240
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
(Server
Core
installation)
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
4516066
Security
Update
Important
Remote
Code
Execution
4512516 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
x64-based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: N/A
Temporal: N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
based
Systems
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1240
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1241
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1241
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1241
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1242
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1242
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1242
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1243
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1243
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1243
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1244
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses
the contents of its memory. An attacker who successfully exploited the vulnerability
could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by
convincing a user to open a specially crafted document, or by convincing a user to
visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles
objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1244
Product KB
Article Severity Impact
Supersedenc
e CVSS Score Set
Restart
Require
d
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Windows 7
for 32-bit
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
(Server
Core
installation
)
Rollup
Windows
Server
2008 R2 for
Itanium-
Based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
451602
6
Monthly
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
32-bit
Systems
Service
Pack 2
(Server
Core
installation
)
Rollup
451605
1
Security
Only
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2012
451605
5
Monthly
Rollup
451606
2
Security
Only
Importan
t
Informatio
n
Disclosure
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
(Server
Core
installation
)
451605
5
Monthly
Rollup
451606
2
Security
Importan
t
Informatio
n
Disclosure
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Only
Windows
8.1 for 32-
bit systems
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for x64-
based
systems
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
451606
4
Security
Only
451606
7
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Monthly
Rollup
Windows
RT 8.1
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
(Server
Core
installation
)
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for 32-
bit Systems
451607
0
Security
Update
Importan
t
Informatio
n
Disclosure
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for x64-
451607
0
Security
Importan
t
Informatio
n
Disclosure
4512497
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
based
Systems
Update CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2016
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
32-bit
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
x64-based
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
(Server
Core
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
installation
)
Windows
10 Version
1703 for
32-bit
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
x64-based
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
32-bit
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
x64-based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
10 Version
1803 for
32-bit
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
x64-based
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1803
(Server
Core
Installation
)
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
ARM64-
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
based
Systems
Windows
10 Version
1809 for
32-bit
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
x64-based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
Server
2019
(Server
Core
installation
)
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
32-bit
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
x64-based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
10 Version
1903 for
ARM64-
based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1903
(Server
Core
installation
)
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
Itanium-
Based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1244
(Server
Core
installation
)
Only
CVE-2019-1245 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1245
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses
the contents of its memory. An attacker who successfully exploited the vulnerability
could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by
convincing a user to open a specially crafted document, or by convincing a user to
visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles
objects in memory.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Product KB
Article Severity Impact
Supersedenc
e CVSS Score Set
Restart
Require
d
Windows 7
for 32-bit
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
451603
3
Security
Only
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Systems
Service
Pack 1
(Server
Core
installation
)
451606
5
Monthly
Rollup
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2008 R2 for
Itanium-
Based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
(Server
Core
installation
)
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
451605
5
Monthly
Rollup
451606
2
Security
Only
Importan
t
Informatio
n
Disclosure
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
(Server
451605
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512518
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Core
installation
)
451606
2
Security
Only
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
8.1 for 32-
bit systems
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for x64-
based
systems
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
451606
4
Security
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Only
451606
7
Monthly
Rollup
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
RT 8.1
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
(Server
Core
installation
)
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for 32-
bit Systems
451607
0
Security
Update
Importan
t
Informatio
n
Disclosure
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Windows
10 for x64-
based
Systems
451607
0
Security
Update
Importan
t
Informatio
n
Disclosure
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
32-bit
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
x64-based
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
451604
4
Security
Importan
t
Informatio
n
Disclosure
4512517
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
(Server
Core
installation
)
Update CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1703 for
32-bit
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
x64-based
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
32-bit
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
x64-based
Systems
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1803 for
32-bit
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
x64-based
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1803
(Server
Core
Installation
)
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
451605
8
Security
Importan
t
Informatio
n
Disclosure
4512501
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
ARM64-
based
Systems
Update CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1809 for
32-bit
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
x64-based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2019
(Server
Core
installation
)
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
32-bit
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
451538
4
Security
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
x64-based
Systems
Update CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1903 for
ARM64-
based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1903
(Server
Core
installation
)
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
Itanium-
Based
Systems
451602
6
Monthly
Rollup
451605
1
Security
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Service
Pack 2
Only
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
451602
6
Monthly
Rollup
451605
Importan
t
Informatio
n
Disclosure
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1245
Service
Pack 2
(Server
Core
installation
)
1
Security
Only
CVE-2019-1246 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1246
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
(Server
Core
installation)
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2010
Service
Pack 2 (32-
bit editions)
4475599
Security
Update
Important
Remote
Code
Execution
4475506
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Microsoft
Office 2010
Service
Pack 2 (64-
bit editions)
4475599
Security
Update
Important
Remote
Code
Execution
4475506
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2013
Service
Pack 1 (32-
bit editions)
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2013
Service
Pack 1 (64-
bit editions)
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Microsoft
Office 2013
RT Service
Pack 1
4475611
Security
Update
Important
Remote
Code
Execution
4464599
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2016
(32-bit
edition)
4475591
Security
Update
Important
Remote
Code
Execution
4475538
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office 2016
(64-bit
edition)
4475591
Security
Update
Important
Remote
Code
Execution
4475538
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
x64-based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
x64-based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft
Office 2019
for 32-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Microsoft
Office 2019
for 64-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365
ProPlus for
32-bit
Systems
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365
ProPlus for
64-bit
Systems
Click to
Run
Security
Update
Important
Remote
Code
Execution
4511553
Base: N/A
Temporal: N/A
Vector: N/A
No
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
4516026
Monthly
Rollup
4516051
Security
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Service
Pack 2
Only
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1246
Core
installation)
CVE-2019-1247 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1247
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1247
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Core
installation)
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
4516064
Security
Only
Important
Remote
Code
Execution
4512488 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
based
systems
4516067
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1247
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1248
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1248
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1248
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1249
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1249
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1249
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1250
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially
crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet
Database Engine handles objects in memory.
FAQ:
Are Active Directory and Exchange Server affected by this vulnerability?
No, Active Directory and Exchange Server are not affected.
Important Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1250
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Remote
Code
Execution
4512506 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Service
Pack 1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
4516033
Security
Only
4516065
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Based
Systems
Service
Pack 1
Monthly
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Remote
Code
Execution
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
Important
Remote
Code
Execution
4512518 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
4516062
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Remote
Code
Execution
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Remote
Code
Execution
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important
Remote
Code
Execution
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 for x64-
4516070
Security
Update
Important
Remote
Code
Execution
4512497 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2016
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
Core
installation)
4516044
Security
Update
Important
Remote
Code
Execution
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Remote
Code
Execution
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
4516058
Security
Update
Important
Remote
Code
Execution
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Remote
Code
Execution
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
4512578
Security
Update
Important
Remote
Code
Execution
4511553 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important
Remote
Code
Execution
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Remote
Code
Execution
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important
Remote
Code
Execution
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Remote
Code
Execution
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1250
based
Systems
Service
Pack 2
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Remote
Code
Execution
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251 - DirectWrite Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1251
MITRE
NVD
CVE Title: DirectWrite Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses
the contents of its memory. An attacker who successfully exploited the vulnerability
could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by
convincing a user to open a specially crafted document, or by convincing a user to
visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles
objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is memory layout - the vulnerability allows an attacker to collect
information that facilitates predicting addressing of the memory.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1251
Product KB
Article Severity Impact
Supersedenc
e CVSS Score Set
Restart
Require
d
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251
Windows
10 Version
1703 for
32-bit
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
x64-based
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
32-bit
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
x64-based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
451605
8
Security
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251
32-bit
Systems
Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1803 for
x64-based
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1803
(Server
Core
Installation
)
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251
Windows
10 Version
1809 for
32-bit
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
x64-based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251
Windows
Server
2019
(Server
Core
installation)
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
ARM64-
based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
32-bit
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
x64-based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1251
Windows
10 Version
1903 for
ARM64-
based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1903
(Server
Core
installation)
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: Important
Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
1252
MITRE
NVD
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by
convincing a user to open a specially crafted document, or by convincing a user to visit
an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI
component handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is memory layout - the vulnerability allows an attacker to collect
information that facilitates predicting addressing of the memory.
Mitigations:
None
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1252
Product KB
Article Severity Impact
Supersedenc
e CVSS Score Set
Restart
Require
d
Windows 7
for 32-bit
Systems
Service
Pack 1
451603
3
Security
Only
451606
Importan
t
Informatio
n
Disclosure
4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
5
Monthly
Rollup
Windows 7
for x64-
based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
(Server
Core
installation)
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
Server
2008 R2 for
Itanium-
Based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
451603
3
Security
Only
451606
5
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Importan
t
Informatio
n
Disclosure
4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
(Server
Core
installation)
Only
Windows
Server
2012
451605
5
Monthly
Rollup
451606
2
Security
Only
Importan
t
Informatio
n
Disclosure
4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
(Server
Core
installation)
451605
5
Monthly
Rollup
451606
2
Security
Only
Importan
t
Informatio
n
Disclosure
4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for 32-
bit systems
451606
4
Security
Only
Importan
t
Informatio
n
Disclosure
4512488
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
451606
7
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
8.1 for x64-
based
systems
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012 R2
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
RT 8.1
451606
7
Monthly
Importan
t
Informatio
n
Disclosure
4512488
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Rollup CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server
2012 R2
(Server
Core
installation)
451606
4
Security
Only
451606
7
Monthly
Rollup
Importan
t
Informatio
n
Disclosure
4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for 32-
bit Systems
451607
0
Security
Update
Importan
t
Informatio
n
Disclosure
4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 for x64-
based
Systems
451607
0
Security
Update
Importan
t
Informatio
n
Disclosure
4512497
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
451604
4
Security
Importan
t
Informatio
n
Disclosure
4512517
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
10 Version
1607 for
32-bit
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
x64-based
Systems
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
(Server
Core
installation)
451604
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1703 for
32-bit
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
10 Version
1703 for
x64-based
Systems
451606
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
32-bit
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
x64-based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
32-bit
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
451605
8
Security
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
x64-based
Systems
Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Windows
Server,
version
1803
(Server
Core
Installation
)
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
451605
8
Security
Update
Importan
t
Informatio
n
Disclosure
4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
32-bit
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
10 Version
1809 for
x64-based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
(Server
Core
installation)
451257
8
Security
Update
Importan
t
Informatio
n
Disclosure
4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
10 Version
1709 for
ARM64-
based
Systems
451606
6
Security
Update
Importan
t
Informatio
n
Disclosure
4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
32-bit
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
x64-based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
Server,
version
1903
(Server
Core
installation)
451538
4
Security
Update
Importan
t
Informatio
n
Disclosure
4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
Itanium-
Based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1252
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
x64-based
Systems
Service
Pack 2
(Server
Core
installation)
451602
6
Monthly
Rollup
451605
1
Security
Only
Importan
t
Informatio
n
Disclosure
4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1253 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1253
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment
Server improperly handles junctions.
To exploit this vulnerability, an attacker would first have to gain execution on the
victim system. An attacker could then run a specially crafted application to elevate
privileges.
The security update addresses the vulnerability by correcting how AppX
Deployment Server handles junctions.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1253
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1253
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1253
(Server Core
Installation)
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1253
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1253
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
CVE-2019-1254 - Windows Hyper-V Information Disclosure
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
Description: Important
Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
1254
MITRE
NVD
An information disclosure vulnerability exists when Windows Hyper-V writes
uninitialized memory to disk. An attacker could exploit the vulnerability by reading
a file to recover kernel memory.
To exploit the vulnerability, an attacker would first require access to a Hyper-V host.
The security update addresses the vulnerability by ensuring Hyper-V properly
initializes memory before writing it to disk.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1254
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
Server
2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2016
(Server
Core
installation)
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1254
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
version
1803
(Server
Core
Installation
)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1254
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2019
(Server
Core
installation)
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server,
4515384
Security Important
Information
Disclosure 4512508
Base: 5.5
Temporal: 5 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1254
version
1903
(Server
Core
installation)
Update Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1256
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the vulnerability
and take control of an affected system.
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The update addresses this vulnerability by correcting how Win32k handles objects in
memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803 (Server
Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
based
Systems
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903 (Server
Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
4516026
Monthly
Rollup
Important
Elevation
of
Privilege
4512476 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1256
based
Systems
Service Pack
2 (Server
Core
installation)
4516051
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2019-1257 - Microsoft SharePoint Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1257
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft SharePoint when the software
fails to check the source markup of an application package. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context of the
SharePoint application pool and the SharePoint server farm account.
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Exploitation of this vulnerability requires that a user uploads a specially crafted
SharePoint application package to an affected version of SharePoint.
The security update addresses the vulnerability by correcting how SharePoint checks
the source markup of application packages.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1257
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation
2010 Service Pack 2
4475605 Security
Update Critical
Remote Code
Execution 4475575
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation
2013 Service Pack 1
4484098 Security
Update Critical
Remote Code
Execution 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise
Server 2016
4475590 Security
Update Critical
Remote Code
Execution 4475549
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4475596 Security
Update Critical
Remote Code
Execution 4475555
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1259
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles
requests to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically
designed to cause a cross-site request. The attacker would then need to convince a
targeted user to click a link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint
Server properly sanitizes user web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Moderate Spoofing
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1259
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013
Service Pack 1
4484098 Security
Update Moderate Spoofing 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1260
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker
who successfully exploited this vulnerability could attempt to impersonate another
user of the SharePoint server.
To exploit this vulnerability, an authenticated attacker would send a specially
crafted request to an affected server, thereby allowing the impersonation of
another SharePoint user.
The security update addresses the vulnerability by correcting how Microsoft
SharePoint sanitizes user input.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
There are multiple update packages available for some of the affected
software. Do I need to install all the updates listed in the Security Updates
table for the software?
Yes. Customers should apply all updates offered for the software installed on their
systems. If multiple updates apply, they can be installed in any order.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1260
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation
2010 Service Pack 2
4475605 Security
Update Important
Elevation of
Privilege 4475575
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation
2013 Service Pack 1
4484098 Security
Update
4484099 Security
Update
Important Elevation of
Privilege 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise
Server 2016
4475590 Security
Update
4475594 Security
Update
Important Elevation of
Privilege 4475549
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019
4464557 Security
Update
4475596 Security
Update
Important Elevation of
Privilege 4475555
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1261
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles
requests to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically
designed to cause a cross-site request. The attacker would then need to convince a
targeted user to click a link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint
Server properly sanitizes user web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Important Spoofing
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1261
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013
Service Pack 1
4484098 Security
Update Important Spoofing 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server
2016
4475590 Security
Update Important Spoofing 4475549
Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1261
N/A
Vector: N/A
Microsoft SharePoint Server 2019 4475596 Security
Update Important Spoofing 4475555
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1262
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker could exploit the vulnerability by sending a specially crafted
request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site
scripting attacks on affected systems and run script in the security context of the current
user. The attacks could allow the attacker to read content that the attacker is not
Important Spoofing
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
authorized to read, use the victim's identity to take actions on the SharePoint site on
behalf of the user, such as change permissions and delete content, and inject malicious
content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint
Server properly sanitizes web requests.
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1262
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Foundation 2013
Service Pack 1
4484098 Security
Update Important Spoofing 4475565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1263
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description: Important
Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
An information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the vulnerability
could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then
convince the user to open it. An attacker must know the memory address location
where the object was created.
The update addresses the vulnerability by changing the way certain Excel functions
handle objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1263
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Excel 2010 Service Pack
2 (32-bit editions)
4475574 Security
Update Important
Information
Disclosure 4464572
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1263
Microsoft Excel 2010 Service Pack
2 (64-bit editions)
4475574 Security
Update Important
Information
Disclosure 4464572
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack
1 (32-bit editions)
4475566 Security
Update Important
Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack
1 (64-bit editions)
4475566 Security
Update Important
Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service
Pack 1
4475566 Security
Update Important
Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes
Security Update Important
Information
Disclosure 4464565
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Excel 2016 (32-bit
edition)
4475579 Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1263
N/A
Vector: N/A
Microsoft Excel 2016 (64-bit
edition)
4475579 Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit
editions
Click to Run Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit
editions
Click to Run Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for Mac Release Notes
Security Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit
Systems
Click to Run Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1263
Office 365 ProPlus for 64-bit
Systems
Click to Run Security
Update Important
Information
Disclosure 4475513
Base: N/A
Temporal:
N/A
Vector: N/A
No
CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1264
MITRE
NVD
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Office improperly
handles input. An attacker who successfully exploited the vulnerability could execute
arbitrary commands.
In a file-sharing attack scenario, an attacker could provide a specially crafted
document file designed to exploit the vulnerability, and then convince a user to open
the document file and interact with the document by clicking a specific cell.
The update addresses the vulnerability by correcting how Microsoft Office handles
input.
Important Security Feature
Bypass
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1264
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Project 2010 Service Pack
2 (32-bit editions)
4461631 Security
Update Important
Security Feature
Bypass 4022147
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2010 Service Pack
2 (64-bit editions)
4461631 Security
Update Important
Security Feature
Bypass 4022147
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack
2 (32-bit editions)
4464566 Security
Update Important
Security Feature
Bypass 4462223
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack
2 (64-bit editions)
4464566 Security
Update Important
Security Feature
Bypass 4462223
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack
1 (32-bit editions)
4475607 Security
Update Important
Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1264
Microsoft Office 2013 Service Pack
1 (64-bit editions)
4475607 Security
Update Important
Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service
Pack 1
4475607 Security
Update Important
Security Feature
Bypass 4464558
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit
edition)
4475583 Security
Update Important
Security Feature
Bypass 4462242
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit
edition)
4475583 Security
Update Important
Security Feature
Bypass 4462242
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2016 (32-bit
edition)
4475589 Security
Update Important
Security Feature
Bypass 4461478
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2016 (64-bit
edition)
4475589 Security
Update Important
Security Feature
Bypass 4461478
Base: N/A
Temporal: Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1264
N/A
Vector: N/A
Microsoft Project 2013 Service Pack
1 (32-bit editions)
4464548 Security
Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Project 2013 Service Pack
1 (64-bit editions)
4464548 Security
Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit
editions
Click to Run
Security Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit
editions
Click to Run
Security Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit
Systems
Click to Run
Security Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1264
Office 365 ProPlus for 64-bit
Systems
Click to Run
Security Update Important
Security Feature
Bypass 4461489
Base: N/A
Temporal:
N/A
Vector: N/A
No
CVE-2019-1265 - Microsoft Yammer Security Feature Bypass
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1265
MITRE
NVD
CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists when Microsoft Yammer App for Android
fails to apply the correct Intune MAM Policy.
This could allow an attacker to perform functions that are restricted by Intune Policy.
The security update addresses the vulnerability by correcting the way the policy is
applied to Yammer App.
Important Security Feature
Bypass
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
How do I get the update for Yammer for Android?
1. Tap the Google Play icon on your home screen.
2. Swipe in from the left edge of the screen.
3. Tap My apps & games.
4. Tap the Update box next to the Yammer app.
Is there a direct link on the web?
Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US
What versions of the Yammer for Android App contain the fix for this
vulnerability?
Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.
Mitigations:
None
Workarounds:
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1265
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Yammer for Android Important Security Feature Bypass Base: N/A
Temporal: N/A
Vector: N/A
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1266
MITRE
NVD
CVE Title: Microsoft Exchange Spoofing Vulnerability
Description:
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App
(OWA) fails to properly handle web requests. An attacker who successfully exploited the
vulnerability could perform script or content injection attacks, and attempt to trick the
user into disclosing sensitive information. An attacker could also redirect the user to a
malicious website that could spoof content or the vulnerability could be used as a pivot
to chain an attack with other vulnerabilities in web services.
To exploit the vulnerability, an attacker could send a specially crafted email containing a
malicious link to a user. An attacker could also use a chat client to social engineer a user
into clicking the malicious link. However, in both examples the user must click the
malicious link.
The security update addresses the vulnerability by correcting how OWA validates web
requests.
FAQ:
None
Important Spoofing
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1266
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2016
Cumulative Update 12
4515832 Security
Update Important Spoofing 4509409
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1266
Microsoft Exchange Server 2019
Cumulative Update 1
4515832 Security
Update Important Spoofing 4509408
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019
Cumulative Update 2
4515832 Security
Update Important Spoofing 4509408
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016
Cumulative Update 13
4515832 Security
Update Important Spoofing 4509409
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1267
MITRE
NVD
CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where
a configuration file, with local privileges, is vulnerable to symbolic link and hard link
attacks. An attacker who successfully exploited this vulnerability could run processes in
an elevated context. An attacker could then install programs; view, change or delete
data.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the vulnerability
and take control of an affected system.
The security update addresses the vulnerability by writing the file to a location with an
appropriate Access Control List.
FAQ:
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1267
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Important
Elevation
of
Privilege
4512506 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Service Pack
1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
based
Systems
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
4516058
Security
Update
Important
Elevation
of
Privilege
4512501 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
(Server Core
Installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1267
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1268
MITRE
NVD
CVE Title: Winlogon Elevation of Privilege Vulnerability
Description:
An elevation of privilege exists when Winlogon does not properly handle file path
information. An attacker who successfully exploited this vulnerability could run arbitrary
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
code. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application to take control of an affected
system.
The update addresses the vulnerability by correcting how Winlogon handles path
information.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1268
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
4516033
Security
Only
4516065
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Systems
Service Pack
1 (Server
Core
installation)
Monthly
Rollup
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
4516026
Monthly
Rollup
Important
Elevation
of
Privilege
4512476 Base: 6.5
Temporal: 5.9 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Systems
Service Pack
2 (Server
Core
installation)
4516051
Security
Only
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows
8.1 for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
4516026
Monthly
Rollup
4516051
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1268
Systems
Service Pack
2
Security
Only
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 6.5
Temporal: 5.9
Vector:
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Yes
CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1269
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
An elevation of privilege vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC).
An attacker who successfully exploited this vulnerability could run arbitrary code in
the security context of the local system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the
vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to
ALPC.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1269
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-
based
systems
4516064
Security
Only
4516067
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
Monthly
Rollup
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
based
Systems
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security
Update
Important
Elevation
of
Privilege
4512508 Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1269
for 32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270 - Microsoft Windows Store Installer Elevation of
Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1270
MITRE
NVD
CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows store installer where
WindowsApps directory is vulnerable to symbolic link attack. An attacker who
successfully exploited this vulnerability could bypass access restrictions to add or
remove files.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the
vulnerability and add or remove files.
The security update addresses the vulnerability by not allowing reparse points in the
WindowsApps directory.
FAQ:
None
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1270
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270
based
Systems
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
4515384
Security
Update
Important
Elevation
of
Privilege
4512508 Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1270
for 32-bit
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1271
MITRE
NVD
CVE Title: Windows Media Elevation of Privilege Vulnerability
Description:
An elevation of privilege exists in hdAudio.sys which may lead to an out of band write.
An attacker who successfully exploited this vulnerability could run processes in an
elevated context. An attacker could then install programs; view, change or delete data.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application to take control of an affected
system.
The update addresses the vulnerability by correcting how hdAudio.sys stores the size
of the reserved region.
FAQ:
None
Mitigations:
None
Workarounds:
None
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1271
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Important
Elevation
of
Privilege
4512506
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important
Elevation
of
Privilege
4512518
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Rollup
Windows RT
8.1
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important
Elevation
of
Privilege
4512488
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
4516026
Monthly
Rollup
4516051
Security
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1271
Service Pack
2
Only
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important
Elevation
of
Privilege
4512476
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C
Yes
CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1272
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC).
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
An attacker who successfully exploited this vulnerability could run arbitrary code in
the security context of the local system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An
attacker could then run a specially crafted application that could exploit the
vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to
ALPC.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
@绿盟科技 2019 http://www.nsfocus.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1272
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1272
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1272
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for ARM64-
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1272
based
Systems
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553 Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1272
(Server Core
installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1272
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1273
MITRE
NVD
CVE Title: Active Directory Federation Services XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services
(ADFS) does not properly sanitize certain error messages. An authenticated attacker
could exploit the vulnerability by sending a specially crafted request to an affected ADFS
server.
The attacker who successfully exploited the vulnerability could then perform cross-site
scripting attacks on affected systems and run scripts in the security context of the
current user. The attacks could allow the attacker to read content that the attacker is not
authorized to read, use the victim's identity to take actions on the ADFS site on behalf of
Important Spoofing
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
the user, such as change permissions and delete content, and inject malicious content in
the browser of the user.
The security update addresses the vulnerability by helping to ensure that ADFS error
handling properly sanitizes error messages.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1273
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
4516058
Security
Update
Important Spoofing 4512501
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1273
based
Systems
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1273
Windows
Server 2019
(Server
Core
installation)
4512578
Security
Update
Important Spoofing 4511553
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important Spoofing 4512508
Base: 8.2
Temporal: 7.4
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows
Server,
4515384
Security Important Spoofing 4512508
Base: 8.2
Temporal: 7.4 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1273
version
1903
(Server
Core
installation)
Update Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1274
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system
and run a specially crafted application.
The security update addresses the vulnerability by correcting how the Windows kernel
initializes memory.
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is uninitialized memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
(Server
Core
installation)
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
8.1 for x64-
4516064
Security Important
Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
based
systems
Only
4516067
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
Server 2012
R2
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
RT 8.1
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 for 32-
bit Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
10 for x64-
based
Systems
4516070
Security
Update
Important Information
Disclosure 4512497
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
32-bit
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server
4516044
Security
Update
Important Information
Disclosure 4512517
Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Core
installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
10 Version
1703 for
32-bit
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4516068
Security
Update
Important Information
Disclosure 4512507
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
32-bit
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Windows
10 Version
1803 for
32-bit
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important Information
Disclosure 4512501
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Windows
10 Version
1809 for
32-bit
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server
4512578
Security
Update
Important Information
Disclosure 4511553
Base: 6.3
Temporal: 5.7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Core
installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Windows
10 Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important Information
Disclosure 4512516
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
32-bit
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
x64-based
Systems
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
10 Version
1903 for
ARM64-
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
based
Systems
Windows
Server,
version
1903
(Server
Core
installation)
4515384
Security
Update
Important Information
Disclosure 4512508
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1274
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 6.3
Temporal: 5.7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1277 - Windows Audio Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1277
MITRE
NVD
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in Windows Audio Service when a
malformed parameter is processed. An attacker who successfully exploited the
vulnerability could run arbitrary code with elevated privileges when used in conjunction
with another vulnerability.
To exploit the vulnerability, an attacker could run a specially crafted application locally.
This vulnerability by itself does not allow arbitrary code to be run. However, this
vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a
remote code execution vulnerability and another elevation of privilege) that could take
advantage of the elevated privileges when running.
The update addresses the vulnerability by correcting how the Windows Audio Service
handles these parameters.
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1277
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1277
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1277
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1803
(Server Core
Installation)
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1277
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1277
based
Systems
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
x64-based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278 - Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
1278
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists in the way that the unistore.dll handles
objects in memory. An attacker who successfully exploited the vulnerability could
execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially
crafted application.
The security update addresses the vulnerability by ensuring the unistore.dll properly
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Important Elevation of
Privilege
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1278
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
for 32-bit
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Important
Elevation
of
Privilege
4512497
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Important
Elevation
of
Privilege
4512517 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version
1607 for 32-
bit Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Important
Elevation
of
Privilege
4512517
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1703 for
4516068
Security
Update
Important
Elevation
of
Privilege
4512507
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278
x64-based
Systems
Windows 10
Version
1709 for 32-
bit Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
4516058
Security
Update
Important
Elevation
of
Privilege
4512501 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278
1803
(Server Core
Installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version
1803 for
ARM64-
based
Systems
4516058
Security
Update
Important
Elevation
of
Privilege
4512501
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1809 for
ARM64-
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278
based
Systems
Windows
Server 2019
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Important
Elevation
of
Privilege
4511553
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4516066
Security
Update
Important
Elevation
of
Privilege
4512516
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for 32-
bit Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version
1903 for
4515384
Security
Update
Important
Elevation
of
Privilege
4512508 Base: 7.8
Temporal: 7 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1278
x64-based
Systems
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version
1903 for
ARM64-
based
Systems
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version
1903
(Server Core
installation)
4515384
Security
Update
Important
Elevation
of
Privilege
4512508
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280 - LNK Remote Code Execution Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1280
MITRE
NVD
CVE Title: LNK Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow
remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights
as the local user. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains
a malicious .LNK file and an associated malicious binary. When the user opens this
drive(or remote share) in Windows Explorer, or any other application that parses
the .LNK file, the malicious binary will execute code of the attacker’s choice, on the
target system.
The security update addresses the vulnerability by correcting the processing of shortcut
LNK references.
FAQ:
Critical Remote Code
Execution
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1280
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
4516033
Security
Only
Critical
Remote
Code
Execution
4512506 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Service Pack
1
4516065
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 7
for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
4516033
Security
Only
4516065
Monthly
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Systems
Service Pack
1
Rollup
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4516033
Security
Only
4516065
Monthly
Rollup
Critical
Remote
Code
Execution
4512506
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
4516055
Monthly
Rollup
4516062
Security
Critical
Remote
Code
Execution
4512518
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Only
Windows
Server 2012
(Server Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Critical
Remote
Code
Execution
4512518
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for 32-bit
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1
for x64-
based
systems
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2
4516064
Security
Only
4516067
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Monthly
Rollup
Windows RT
8.1
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4516064
Security
Only
4516067
Monthly
Rollup
Critical
Remote
Code
Execution
4512488
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for 32-bit
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
for x64-
based
Systems
4516070
Security
Update
Critical
Remote
Code
Execution
4512497
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
4516044
Security
Update
Critical
Remote
Code
Execution
4512517 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1607
for 32-bit
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1607
for x64-
based
Systems
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2016
(Server Core
installation)
4516044
Security
Update
Critical
Remote
Code
Execution
4512517
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for 32-bit
Systems
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1703
for x64-
4516068
Security
Update
Critical
Remote
Code
Execution
4512507
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
based
Systems
Windows 10
Version 1709
for 32-bit
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for x64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for 32-bit
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1803
for x64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1803
4516058
Security
Update
Critical
Remote
Code
Execution
4512501 Base: 7.3
Temporal: 6.6 Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
(Server Core
Installation)
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Windows 10
Version 1803
for ARM64-
based
Systems
4516058
Security
Update
Critical
Remote
Code
Execution
4512501
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for 32-bit
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for x64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1809
for ARM64-
based
Systems
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2019
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2019
(Server Core
installation)
4512578
Security
Update
Critical
Remote
Code
Execution
4511553
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1709
for ARM64-
based
Systems
4516066
Security
Update
Critical
Remote
Code
Execution
4512516
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for 32-bit
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10
Version 1903
for x64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Windows 10
Version 1903
for ARM64-
based
Systems
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server,
version 1903
(Server Core
installation)
4515384
Security
Update
Critical
Remote
Code
Execution
4512508
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1280
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4516026
Monthly
Rollup
4516051
Security
Only
Critical
Remote
Code
Execution
4512476
Base: 7.3
Temporal: 6.6
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1282 - Windows Common Log File System Driver Information
Disclosure Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
1282
MITRE
NVD
CVE Title: Windows Common Log File System Driver Information Disclosure
Vulnerability
Description:
An information disclosure exists in the Windows Common Log File System (CLFS)
driver when it fails to properly handle sandbox checks. An attacker who successfully
exploited this vulnerability could potentially read data outside their expected limits.
To exploit the vulnerability, an attacker would first have to log on to the system, and
then run a specially crafted application.
The security update addresses the vulnerability by correcting how CLFS handles
sandbox checks.
FAQ:
What type of information could be disclosed by this vulnerability?
Important Information
Disclosure
@绿盟科技 2019 http://www.nsfocus.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
The type of information that could be disclosed if an attacker successfully exploited
this vulnerability is unauthorized file system access - reading from the file system.
Mitigations:
None
Workarounds:
None
Revision:
1.0 09/10/2019 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1282
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1282
Windows 7
for 32-bit
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
(Server
Core
installation)
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1282
Windows
Server
2008 R2 for
Itanium-
Based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 R2 for
x64-based
Systems
Service
Pack 1
4516033
Security
Only
4516065
Monthly
Rollup
Important Information
Disclosure 4512506
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
(Server
4516026
Monthly
Rollup
4516051
Security
Only
Important Information
Disclosure 4512476
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
@绿盟科技 2019 http://www.nsfocus.com
CVE-2019-1282
Core
installation)
Windows
Server
2012
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
Server
2012
(Server
Core
installation)
4516055
Monthly
Rollup
4516062
Security
Only
Important Information
Disclosure 4512518
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for 32-
bit systems
4516064
Security
Only
4516067
Monthly
Rollup
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:
C
Yes
Windows
8.1 for x64-
4516064
Security
Only
Important Information
Disclosure 4512488
Base: 5.5
Temporal: 5
Vector:
Yes