Kaspersky ID:
KLA11608
Detect Date:
11/12/2019
Updated:
01/22/2024

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges;
  2. An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information;
  3. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service;
  4. A security feature bypass vulnerability in NetLogon can be exploited remotely to bypass security restrictions;
  5. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges;
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  7. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted to obtain sensitive information;
  8. An elevation of privilege vulnerability in Windows Data Sharing Service can be exploited remotely via specially crafted application to gain privileges;
  9. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges;
  10. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely via specially crafted to execute arbitrary code;
  11. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges;
  12. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service;
  13. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  14. An elevation of privilege vulnerability in Microsoft ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges;
  15. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
  16. An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges;
  17. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information;
  18. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges;
  19. An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via specially crafted application to obtain sensitive information;
  20. A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  21. An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely via specially crafted application to obtain sensitive information;
  22. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  23. An information disclosure vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to obtain sensitive information;
  24. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges;
  25. An elevation of privilege vulnerability in Microsoft splwow64 can be exploited remotely to gain privileges;
  26. A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions;
  27. A remote code execution vulnerability in OpenType Font Parsing can be exploited remotely via specially crafted to execute arbitrary code;
  28. An information disclosure vulnerability in OpenType Font Driver can be exploited remotely via specially crafted fonts to obtain sensitive information;
  29. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges;
  30. An elevation of privilege vulnerability in Windows Certificate Dialog can be exploited remotely via specially crafted application to gain privileges;
  31. An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges;
  32. An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information;

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2019-1415
    warning
  • CVE-2019-1411
    warning
  • CVE-2019-0712
    high
  • CVE-2019-1424
    high
  • CVE-2019-1399
    high
  • CVE-2019-1396
    high
  • CVE-2019-1395
    high
  • CVE-2019-1439
    warning
  • CVE-2019-1309
    high
  • CVE-2019-1324
    warning
  • CVE-2019-1417
    warning
  • CVE-2019-1420
    warning
  • CVE-2019-1430
    critical
  • CVE-2019-1454
    warning
  • CVE-2018-12207
    warning
  • CVE-2019-1406
    critical
  • CVE-2019-1382
    warning
  • CVE-2019-1391
    warning
  • CVE-2019-11135
    warning
  • CVE-2019-1383
    warning
  • CVE-2019-1385
    high
  • CVE-2019-1394
    high
  • CVE-2019-1434
    high
  • CVE-2019-1440
    warning
  • CVE-2019-1310
    high
  • CVE-2019-1433
    high
  • CVE-2019-1418
    warning
  • CVE-2019-0721
    critical
  • CVE-2019-1432
    warning
  • CVE-2019-1409
    warning
  • CVE-2019-1437
    high
  • CVE-2019-1389
    critical
  • CVE-2019-1393
    high
  • CVE-2019-1381
    warning
  • CVE-2019-1392
    high
  • CVE-2019-1436
    warning
  • CVE-2019-0719
    critical
  • CVE-2019-1380
    warning
  • CVE-2019-1384
    high
  • CVE-2019-1419
    high
  • CVE-2019-1408
    high
  • CVE-2019-1456
    high
  • CVE-2019-1412
    warning
  • CVE-2019-1397
    critical
  • CVE-2019-1398
    critical
  • CVE-2019-1379
    warning
  • CVE-2019-1416
    warning
  • CVE-2019-1388
    high
  • CVE-2019-1405
    high
  • CVE-2019-1374
    warning
  • CVE-2019-1438
    high
  • CVE-2019-1435
    high
  • CVE-2019-1423
    warning
  • CVE-2019-1422
    warning
  • CVE-2019-1407
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.