Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Update Client can be exploited remotely via specially crafted application to obtain sensitive information.
2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
3. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.
4. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
5. A spoofing vulnerability in Microsoft Windows Transport Layer Security can be exploited remotely to spoof user interface.
6. An elevation of privilege vulnerability in Windows Power Service can be exploited remotely via specially crafted application to gain privileges.
7. A security feature bypass vulnerability in Windows Secure Boot can be exploited remotely to bypass security restrictions.
8. An elevation of privilege vulnerability in Windows 10 Update Assistant can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via specially crafted application to gain privileges.
10. An information disclosure vulnerability in Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
11. An elevation of privilege vulnerability in Microsoft Windows Setup can be exploited remotely via specially crafted application to gain privileges.
12. An elevation of privilege vulnerability in Microsoft IIS Server can be exploited remotely to gain privileges.
13. A tampering vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
14. An information disclosure vulnerability in Windows Code Integrity Module can be exploited remotely via specially crafted application to obtain sensitive information.
15. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service.
16. A denial of service vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to cause denial of service.
17. An elevation of privilege vulnerability in Microsoft Windows Update Client can be exploited remotely via specially crafted application to gain privileges.
18. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
19. An elevation of privilege vulnerability in Microsoft Windows CloudStore can be exploited remotely via specially crafted application to gain privileges.
20. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
21. An elevation of privilege vulnerability in Windows Redirected Drive Buffering System can be exploited remotely via specially crafted application to cause denial of service.
22. A denial of service vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely via specially crafted requests to cause denial of service.
23. A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
24. A remote code execution vulnerability in Windows Imaging API can be exploited remotely via specially crafted to execute arbitrary code.

Первичный источник обнаружения

• CVE-2019-1337
  CVE-2019-1334
  CVE-2019-1322
  CVE-2019-1319
  CVE-2019-1318
  CVE-2019-1341
  CVE-2019-1368
  CVE-2019-1378
  CVE-2019-1315
  CVE-2019-1345
  CVE-2019-1230
  CVE-2019-1340
  CVE-2019-1316
  CVE-2019-1365
  CVE-2019-1166
  CVE-2019-1344
  CVE-2019-1343
  CVE-2019-1339
  CVE-2019-1317
  CVE-2019-1342
  CVE-2019-1346
  CVE-2019-1320
  CVE-2019-1323
  CVE-2019-1333
  CVE-2019-1347
  CVE-2019-1321
  CVE-2019-1358
  CVE-2019-1325
  CVE-2019-1326
  CVE-2019-1336
  CVE-2019-1359
  CVE-2019-1060
  CVE-2019-1311
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2019-1318
  high
• CVE-2019-1339
  critical
• CVE-2019-1368
  warning
• CVE-2019-1311
  critical
• CVE-2019-1340
  critical
• CVE-2019-1326
  critical
• CVE-2019-1346
  high
• CVE-2019-1344
  high
• CVE-2019-1337
  high
• CVE-2019-1320
  critical
• CVE-2019-1230
  high
• CVE-2019-1336
  critical
• CVE-2019-1322
  critical
• CVE-2019-1060
  critical
• CVE-2019-1321
  critical
• CVE-2019-1315
  critical
• CVE-2019-1166
  high
• CVE-2019-1333
  critical
• CVE-2019-1319
  critical
• CVE-2019-1334
  high
• CVE-2019-1345
  high
• CVE-2019-1341
  critical
• CVE-2019-1323
  critical
• CVE-2019-1347
  high
• CVE-2019-1365
  critical
• CVE-2019-1359
  critical
• CVE-2019-1342
  critical
• CVE-2019-1316
  critical
• CVE-2019-1358
  critical
• CVE-2019-1378
  critical
• CVE-2019-1343
  high
• CVE-2019-1317
  high
• CVE-2019-1325
  high

Список KB

• 4520010
• 4520008
• 4520007
• 4519998
• 4520005
• 4519990
• 4519985
• 4517389
• 4519338
• 4520011
• 4520004
• 4519337
• 4519765
• 4519335
• 4519336
• 4519764
• 4023814
• 4517388

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com