Description
Multiple vulnerabilities were found in Microsoft Products (Extended support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in HID can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
Original advisories
- CVE-2019-0618
- CVE-2019-0619
- CVE-2019-0635
- CVE-2019-0636
- CVE-2019-0674
- CVE-2019-0616
- CVE-2019-0671
- CVE-2019-0615
- CVE-2019-0599
- CVE-2019-0598
- CVE-2019-0595
- CVE-2019-0597
- CVE-2019-0596
- CVE-2019-0626
- CVE-2019-0625
- CVE-2019-0623
- CVE-2019-0621
- CVE-2019-0601
- CVE-2019-0600
- CVE-2019-0602
- CVE-2019-0628
- CVE-2019-0663
- CVE-2019-0662
- CVE-2019-0661
- CVE-2019-0660
- CVE-2019-0664
- CVE-2019-0673
- ADV190006
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Office
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2019-0673 critical
- CVE-2019-0674 critical
- CVE-2019-0671 critical
- CVE-2019-0636 warning
- CVE-2019-0623 high
- CVE-2019-0661 warning
- CVE-2019-0599 critical
- CVE-2019-0595 critical
- CVE-2019-0664 warning
- CVE-2019-0615 warning
- CVE-2019-0600 warning
- CVE-2019-0619 warning
- CVE-2019-0660 warning
- CVE-2019-0616 warning
- CVE-2019-0626 critical
- CVE-2019-0618 critical
- CVE-2019-0625 critical
- CVE-2019-0628 warning
- CVE-2019-0602 warning
- CVE-2019-0601 warning
- CVE-2019-0621 warning
- CVE-2019-0635 high
- CVE-2019-0597 critical
- CVE-2019-0596 critical
- CVE-2019-0630 critical
- CVE-2019-0598 critical
- CVE-2019-0662 critical
- CVE-2019-0663 warning
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!