Kaspersky Threats

Detect date

?

05/14/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely to gain privileges.
An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
An elevation of privilege vulnerability in Diagnostic Hub Standard Collector, Visual Studio Standard Collector can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.
An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
A security feature bypass vulnerability in Windows Defender Application Control can be exploited remotely to bypass security restrictions.
An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
An elevation of privilege vulnerability in Windows Storage Service can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows NDIS can be exploited remotely via specially crafted application to gain privileges.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1709 for ARM64-based Systems
Windows Server 2019
Windows Server 2016
Windows 10 Version 1803 for ARM64-based Systems
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows 10 for 32-bit Systems
Windows 10 Version 1903 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.0
Microsoft Visual Studio 2015 Update 3
Windows Server 2016 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
PowerShell Core 6.1
Windows Server 2019 (Server Core installation)
PowerShell Core 6.2
Windows Server, version 1803 (Server Core Installation)
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-0895
CVE-2019-0889
CVE-2019-0863
CVE-2019-0758
CVE-2019-0942
CVE-2019-0891
CVE-2019-0936
CVE-2019-0900
CVE-2019-0961
CVE-2019-0903
CVE-2019-0727
CVE-2019-0885
CVE-2019-0894
CVE-2019-0886
CVE-2019-0733
CVE-2019-0893
CVE-2019-0902
CVE-2019-0896
CVE-2019-0882
CVE-2019-0892
CVE-2019-0897
CVE-2019-0725
CVE-2019-0901
CVE-2019-0931
CVE-2019-0898
CVE-2019-0734
CVE-2019-0890
CVE-2019-0881
CVE-2019-0707
CVE-2019-0899
ADV190013

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

Detect date ?	05/14/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely to gain privileges. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information. An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code. An elevation of privilege vulnerability in Diagnostic Hub Standard Collector, Visual Studio Standard Collector can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information. A security feature bypass vulnerability in Windows Defender Application Control can be exploited remotely to bypass security restrictions. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code. An elevation of privilege vulnerability in Windows Storage Service can be exploited remotely via specially crafted application to gain privileges. An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges. An elevation of privilege vulnerability in Windows NDIS can be exploited remotely via specially crafted application to gain privileges.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Windows 10 Version 1809 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 7 for x64-based Systems Service Pack 1 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 7 for 32-bit Systems Service Pack 1 Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows 10 for x64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1703 for x64-based Systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows 10 Version 1809 for x64-based Systems Windows Server, version 1903 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows 10 Version 1709 for ARM64-based Systems Windows Server 2019 Windows Server 2016 Windows 10 Version 1803 for ARM64-based Systems Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows 10 for 32-bit Systems Windows 10 Version 1903 for 32-bit Systems Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2017 version 15.0 Microsoft Visual Studio 2015 Update 3 Windows Server 2016 (Server Core installation) Windows 10 Version 1709 for x64-based Systems PowerShell Core 6.1 Windows Server 2019 (Server Core installation) PowerShell Core 6.2 Windows Server, version 1803 (Server Core Installation) Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-0895 CVE-2019-0889 CVE-2019-0863 CVE-2019-0758 CVE-2019-0942 CVE-2019-0891 CVE-2019-0936 CVE-2019-0900 CVE-2019-0961 CVE-2019-0903 CVE-2019-0727 CVE-2019-0885 CVE-2019-0894 CVE-2019-0886 CVE-2019-0733 CVE-2019-0893 CVE-2019-0902 CVE-2019-0896 CVE-2019-0882 CVE-2019-0892 CVE-2019-0897 CVE-2019-0725 CVE-2019-0901 CVE-2019-0931 CVE-2019-0898 CVE-2019-0734 CVE-2019-0890 CVE-2019-0881 CVE-2019-0707 CVE-2019-0899 ADV190013
Impacts ?	ACE [?] OSI [?] SB [?] PE [?]
Related products	Microsoft Visual Studio Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2019-08950.0Unknown CVE-2019-08890.0Unknown CVE-2019-08630.0Unknown CVE-2019-07580.0Unknown CVE-2019-09420.0Unknown CVE-2019-08910.0Unknown CVE-2019-09360.0Unknown CVE-2019-09000.0Unknown CVE-2019-09610.0Unknown CVE-2019-09030.0Unknown CVE-2019-07270.0Unknown CVE-2019-08850.0Unknown CVE-2019-08940.0Unknown CVE-2019-08860.0Unknown CVE-2019-07330.0Unknown CVE-2019-08930.0Unknown CVE-2019-09020.0Unknown CVE-2019-08960.0Unknown CVE-2019-08820.0Unknown CVE-2019-08920.0Unknown CVE-2019-08970.0Unknown CVE-2019-07250.0Unknown CVE-2019-09010.0Unknown CVE-2019-09310.0Unknown CVE-2019-08980.0Unknown CVE-2019-07340.0Unknown CVE-2019-08900.0Unknown CVE-2019-08810.0Unknown CVE-2019-07070.0Unknown CVE-2019-08990.0Unknown
Microsoft official advisories	Microsoft Security Update Guide
KB list	4499179 4499181 4499158 4499171 4499165 4499167 4494441 4497936 4499151 4494440 4499154 4516066 4516068 4516064 4515384 4516044 4512578 4516058 4516067 4520011