Kaspersky Threats

Detect date

?

11/12/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges;
An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information;
A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service;
A security feature bypass vulnerability in NetLogon can be exploited remotely to bypass security restrictions;
An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges;
An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted to obtain sensitive information;
An elevation of privilege vulnerability in Windows Data Sharing Service can be exploited remotely via specially crafted application to gain privileges;
An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges;
A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely via specially crafted to execute arbitrary code;
An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges;
A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service;
A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
An elevation of privilege vulnerability in Microsoft ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges;
An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges;
An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information;
An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges;
An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via specially crafted application to obtain sensitive information;
A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely via specially crafted application to obtain sensitive information;
A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
An information disclosure vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to obtain sensitive information;
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges;
An elevation of privilege vulnerability in Microsoft splwow64 can be exploited remotely to gain privileges;
A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions;
A remote code execution vulnerability in OpenType Font Parsing can be exploited remotely via specially crafted to execute arbitrary code;
An information disclosure vulnerability in OpenType Font Driver can be exploited remotely via specially crafted fonts to obtain sensitive information;
An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges;
An elevation of privilege vulnerability in Windows Certificate Dialog can be exploited remotely via specially crafted application to gain privileges;
An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges;
An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information;

Exploitation

The following public exploits exists for this vulnerability:

https://github.com/apt69/COMahawk

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1903 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 for 32-bit Systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1709 for ARM64-based Systems
Windows Server 2012
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1803 for x64-based Systems
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 10 Version 1903 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows 10 Version 1703 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2019 (Server Core installation)
Windows Server 2016 (Server Core installation)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1415
CVE-2019-1411
CVE-2019-0712
CVE-2019-1424
CVE-2019-1399
CVE-2019-1396
CVE-2019-1395
CVE-2019-1439
CVE-2019-1309
CVE-2019-1324
CVE-2019-1417
CVE-2019-1420
CVE-2019-1430
CVE-2019-1454
CVE-2018-12207
CVE-2019-1406
CVE-2019-1382
CVE-2019-1391
CVE-2019-11135
CVE-2019-1383
CVE-2019-1385
CVE-2019-1394
CVE-2019-1434
CVE-2019-1440
CVE-2019-1310
CVE-2019-1433
CVE-2019-1418
CVE-2019-0721
CVE-2019-1432
CVE-2019-1409
CVE-2019-1437
CVE-2019-1389
CVE-2019-1393
CVE-2019-1381
CVE-2019-1392
CVE-2019-1436
CVE-2019-0719
CVE-2019-1380
CVE-2019-1384
CVE-2019-1419
CVE-2019-1408
CVE-2019-1456
CVE-2019-1412
CVE-2019-1397
CVE-2019-1398
CVE-2019-1379
CVE-2019-1416
CVE-2019-1388
CVE-2019-1405
CVE-2019-1374
CVE-2019-1438
CVE-2019-1435
CVE-2019-1423
CVE-2019-1422
CVE-2019-1407
ADV190024

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Detect date ?	11/12/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges; An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information; A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service; A security feature bypass vulnerability in NetLogon can be exploited remotely to bypass security restrictions; An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges; An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information; An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted to obtain sensitive information; An elevation of privilege vulnerability in Windows Data Sharing Service can be exploited remotely via specially crafted application to gain privileges; An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges; A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely via specially crafted to execute arbitrary code; An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges; A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service; A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code; An elevation of privilege vulnerability in Microsoft ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges; An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information; An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges; An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information; An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges; An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via specially crafted application to obtain sensitive information; A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code; An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely via specially crafted application to obtain sensitive information; A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code; An information disclosure vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to obtain sensitive information; An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges; An elevation of privilege vulnerability in Microsoft splwow64 can be exploited remotely to gain privileges; A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions; A remote code execution vulnerability in OpenType Font Parsing can be exploited remotely via specially crafted to execute arbitrary code; An information disclosure vulnerability in OpenType Font Driver can be exploited remotely via specially crafted fonts to obtain sensitive information; An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges; An elevation of privilege vulnerability in Windows Certificate Dialog can be exploited remotely via specially crafted application to gain privileges; An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges; An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information;
Exploitation	The following public exploits exists for this vulnerability: https://github.com/apt69/COMahawk Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Windows Server 2016 Windows 10 Version 1903 for 32-bit Systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 10 for 32-bit Systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows Server, version 1903 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows 10 Version 1709 for ARM64-based Systems Windows Server 2012 Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows 10 Version 1803 for x64-based Systems Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 10 Version 1903 for x64-based Systems Windows Server 2012 (Server Core installation) Windows 10 Version 1703 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows Server, version 1709 (Server Core Installation) Windows Server, version 1803 (Server Core Installation) Windows Server 2019 (Server Core installation) Windows Server 2016 (Server Core installation)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1415 CVE-2019-1411 CVE-2019-0712 CVE-2019-1424 CVE-2019-1399 CVE-2019-1396 CVE-2019-1395 CVE-2019-1439 CVE-2019-1309 CVE-2019-1324 CVE-2019-1417 CVE-2019-1420 CVE-2019-1430 CVE-2019-1454 CVE-2018-12207 CVE-2019-1406 CVE-2019-1382 CVE-2019-1391 CVE-2019-11135 CVE-2019-1383 CVE-2019-1385 CVE-2019-1394 CVE-2019-1434 CVE-2019-1440 CVE-2019-1310 CVE-2019-1433 CVE-2019-1418 CVE-2019-0721 CVE-2019-1432 CVE-2019-1409 CVE-2019-1437 CVE-2019-1389 CVE-2019-1393 CVE-2019-1381 CVE-2019-1392 CVE-2019-1436 CVE-2019-0719 CVE-2019-1380 CVE-2019-1384 CVE-2019-1419 CVE-2019-1408 CVE-2019-1456 CVE-2019-1412 CVE-2019-1397 CVE-2019-1398 CVE-2019-1379 CVE-2019-1416 CVE-2019-1388 CVE-2019-1405 CVE-2019-1374 CVE-2019-1438 CVE-2019-1435 CVE-2019-1423 CVE-2019-1422 CVE-2019-1407 ADV190024
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2019-14154.6Warning CVE-2019-14114.3Warning CVE-2019-07126.8High CVE-2019-14246.8High CVE-2019-13995.5High CVE-2019-13967.2High CVE-2019-13957.2High CVE-2019-14394.3Warning CVE-2019-13096.8High CVE-2019-13245.0Critical CVE-2019-14174.6Warning CVE-2019-14204.6Warning CVE-2019-14309.3Critical CVE-2019-14543.6Warning CVE-2018-122074.9Warning CVE-2019-14069.3Critical CVE-2019-13822.1Warning CVE-2019-13914.9Warning CVE-2019-111352.1Warning CVE-2019-13834.6Warning CVE-2019-13856.1High CVE-2019-13947.2High CVE-2019-14347.2High CVE-2019-14402.1Warning CVE-2019-13106.8High CVE-2019-14337.2High CVE-2019-14182.1Warning CVE-2019-07219.0Critical CVE-2019-14324.3Warning CVE-2019-14092.1Warning CVE-2019-14377.2High CVE-2019-13897.7Critical CVE-2019-13937.2High CVE-2019-13812.1Warning CVE-2019-13927.2High CVE-2019-14362.1Warning CVE-2019-07199.0Critical CVE-2019-13804.6Warning CVE-2019-13846.5High CVE-2019-14196.8High CVE-2019-14087.2High CVE-2019-14566.8High CVE-2019-14122.1Warning CVE-2019-13977.7Critical CVE-2019-13987.7Critical CVE-2019-13794.6Warning CVE-2019-14164.4Warning CVE-2019-13887.2High CVE-2019-14057.2High CVE-2019-13744.3Warning CVE-2019-14387.2High CVE-2019-14357.2High CVE-2019-14234.6Warning CVE-2019-14224.6Warning CVE-2019-14077.2High
Microsoft official advisories	Microsoft Security Update Guide
KB list	4520010 4520008 4520007 4519998 4520005 4519990 4519985 4517389 4519338 4520011 4520004 4525246 4525243 4524570 4525237 4525232 4525236 4523205 4525241 4525250 4525253
	Find out the statistics of the vulnerabilities spreading in your region

KLA11608Multiple vulnerabilities in Microsoft Windows

KLA11608
Multiple vulnerabilities in Microsoft Windows