Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows GDI component can be exploited to obtain sensitive information.
- A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Windows COM Server can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Media Player can be exploited to obtain sensitive information.
- An information disclosure vulnerability in Windows Media Player can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in VBScript engine can be exploited to execute arbitrary code.
- A security feature bypass vulnerability in Microsoft Defender can be exploited remotely to bypass security restrictions.
- A denial of service vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely via specially crafted requests to cause denial of service.
Первичный источник обнаружения
- CVE-2019-1470
CVE-2019-1466
CVE-2019-1474
CVE-2019-1465
CVE-2019-1484
CVE-2019-1478
CVE-2019-1468
CVE-2019-1458
CVE-2019-1480
CVE-2019-1481
CVE-2019-1485
CVE-2019-1488
CVE-2019-1453
CVE-2019-1467
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
Список CVE
- CVE-2019-1484 high
- CVE-2019-1488 warning
- CVE-2019-1470 warning
- CVE-2019-1453 warning
- CVE-2019-1465 warning
- CVE-2019-1458 high
- CVE-2019-1474 warning
- CVE-2019-1481 warning
- CVE-2019-1480 warning
- CVE-2019-1467 warning
- CVE-2019-1468 critical
- CVE-2019-1478 high
- CVE-2019-1466 warning
- CVE-2019-1485 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!