Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA11493
Detect Date:
06/11/2019
Updated:
01/22/2024

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
  2. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service.
  3. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
  4. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
  5. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
  7. An elevation of privilege vulnerability in Windows Storage Service can be exploited remotely via specially crafted application to gain privileges.
  8. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges.
  9. An elevation of privilege vulnerability in Windows Audio Service can be exploited remotely via specially crafted application to gain privileges.
  10. An information disclosure vulnerability in Windows Event Viewer can be exploited remotely via specially crafted to obtain sensitive information.
  11. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  12. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  13. An elevation of privilege vulnerability in Windows Network File System can be exploited remotely via specially crafted application to gain privileges.
  14. A security feature bypass vulnerability in Windows Secure Kernel Mode can be exploited remotely via specially crafted application to bypass security restrictions.
  15. A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions.
  16. A remote code execution vulnerability in Comctl32 can be exploited remotely via specially crafted website to execute arbitrary code.
  17. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  18. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  19. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  20. An elevation of privilege vulnerability in Task Scheduler can be exploited remotely to gain privileges.
  21. A denial of service vulnerability in Microsoft IIS Server can be exploited remotely via specially crafted request to cause denial of service.
  22. An elevation of privilege vulnerability in DirectX can be exploited remotely via specially crafted application to gain privileges.
  23. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
  24. A remote code execution vulnerability in ActiveX Data Objects (ADO) can be exploited remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows Shell can be exploited remotely to gain privileges.
  26. A tampering vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
  27. A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted authentication to cause denial of service.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2019-1065
    high
  • CVE-2019-0959
    high
  • CVE-2019-0986
    warning
  • CVE-2019-0973
    high
  • CVE-2019-1040
    warning
  • CVE-2019-0909
    critical
  • CVE-2019-0948
    warning
  • CVE-2019-1019
    high
  • CVE-2019-1010
    warning
  • CVE-2019-1027
    warning
  • CVE-2019-1041
    high
  • CVE-2019-1053
    high
  • CVE-2019-0908
    critical
  • CVE-2019-0722
    critical
  • CVE-2019-1039
    warning
  • CVE-2019-1007
    warning
  • CVE-2019-1043
    critical
  • CVE-2019-1025
    critical
  • CVE-2019-1044
    high
  • CVE-2019-0974
    critical
  • CVE-2019-0709
    critical
  • CVE-2019-0620
    critical
  • CVE-2019-1045
    high
  • CVE-2019-0905
    critical
  • CVE-2019-1069
    high
  • CVE-2019-1014
    high
  • CVE-2019-0941
    warning
  • CVE-2019-1026
    warning
  • CVE-2019-0984
    high
  • CVE-2019-0906
    critical
  • CVE-2019-0943
    high
  • CVE-2019-1028
    warning
  • CVE-2019-1021
    warning
  • CVE-2019-1015
    warning
  • CVE-2019-1064
    high
  • CVE-2019-1046
    warning
  • CVE-2019-0888
    critical
  • CVE-2019-0907
    critical
  • CVE-2019-0711
    high
  • CVE-2019-1050
    warning
  • CVE-2019-1012
    warning
  • CVE-2019-1018
    high
  • CVE-2019-0904
    critical
  • CVE-2019-1022
    warning
  • CVE-2019-0713
    high
  • CVE-2019-1017
    high
  • CVE-2019-0998
    high
  • CVE-2019-0710
    high
  • CVE-2019-0983
    high
  • CVE-2019-0972
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
23 October 2023
Kaspersky Daily
Vulnerability in Confluence Data Center and Confluence Server | Kaspersky official blog
22 April 2024
Securelist
ToddyCat is making holes in your infrastructure
18 April 2024
Securelist
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
17 April 2024
Securelist
SoumniBot: the new Android banker’s unique techniques
15 April 2024
Securelist
Using the LockBit builder to generate targeted ransomware
12 April 2024
Securelist
XZ backdoor story – Initial analysis
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.