Microsoft Released September Patches to Fix 81 Security Vulnerabilities

Threat Alert

Overview

Microsoft released the September 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP. Details can be found in the following table.

Product | CVE ID | CVE Title | Severity Level

@NSFOCUS 2019 http://www.nsfocus.com

.NET Core | CVE-2019-1301 | .NET Core Denial-of-Service Vulnerability | Important
.NET Framework | CVE-2019-1142 | .NET Framework Privilege Escalation Vulnerability | Important
Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important
Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical
ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important
Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important
Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important
Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important
Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important
Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial-of-Service Vulnerability | Important
Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1284 | DirectX Privilege Escalation Vulnerability | Important
Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important
Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical
Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate
Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Privilege Escalation Vulnerability | Important
Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important
Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important
Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical
Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate
Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical
Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate
Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical
Microsoft Windows | CVE-2019-1215 | Windows Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important
Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1268 | Winlogon Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1269 | Windows ALPC Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1271 | Windows Media Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1272 | Windows ALPC Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1253 | Windows Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1277 | Windows Audio Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1278 | Windows Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical
Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2019-1292 | Windows Denial-of-Service Vulnerability | Important
Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important
Microsoft Windows | CVE-2019-1303 | Windows Privilege Escalation Vulnerability | Important
Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important
Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical
Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important
Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important
Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical
Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability | Important
Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial-of-Service Vulnerability | Important
Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2019-1256 | Win32k Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2019-1285 | Win32k Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important
Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical
Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical
Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical
Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Appendix

ADV190022 - September 2019 Adobe Flash Security Update

CVE ID: ADV190022 (MITRE, NVD)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

CVE Title: September 2019 Adobe Flash Security Update

Description: This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB19-46: CVE-2019-8069 and CVE-2019-8070.

FAQ:

How could an attacker exploit these vulnerabilities?

In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigations:

Workarounds:

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.

Prevent Adobe Flash Player from running

You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To set the kill bit for the control in the registry, perform the following steps:

1. Paste the following into a text file and save it with the .reg file extension.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

Note: You must restart Internet Explorer for your changes to take effect.

Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.

How to undo the workaround. Delete the registry keys that were added in implementing this workaround.

Prevent Adobe Flash Player from running in Internet Explorer through Group Policy

Note: The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:

Group Policy Overview
What is Group Policy Object Editor?
Core Group Policy tools and

To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

Note: This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.

1. Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.
2. Navigate to the following node: Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management

3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects.
4. Change the setting to Enabled.
5. Click Apply and then click OK to return to the Group Policy Management Console.
6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.

Prevent Adobe Flash Player from running in Office 2010 on affected systems

Note: This workaround does not prevent Adobe Flash Player from running in Internet Explorer.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:

1. Create a text file named Disable_Flash.reg with the following contents:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    "Compatibility Flags"=dword:00000400

2. Double-click the .reg file to apply it to an individual system.

Note: You must restart Internet Explorer for your changes to take effect.

You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

Prevent ActiveX controls from running in Office 2007 and Office 2010

To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.
3. Click OK to save your settings.

Impact of workaround. Office documents that use embedded ActiveX controls may not display as intended.

How to undo the workaround.

To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:

1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.
3. Click OK to save your settings.

Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

To raise the browsing security level in Internet Explorer, perform the following steps:

1. On the Internet Explorer Tools menu, click Internet Options.
2. In the Internet Options dialog box, click the Security tab, and then click Internet.
3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
4. Click Local intranet.
5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.

6. Click OK to accept the changes and return to Internet Explorer.

Note: If no slider is visible, click Default Level, and then move the slider to High.

Note: Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:

1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.

3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
7. Click OK to return to Internet Explorer, and then click OK again.

Note: Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone

After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

To do this, perform the following steps:

1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
5. Repeat these steps for each site that you want to add to the zone.
6. Click OK two times to accept the changes and return to Internet Explorer.

Note: Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and they require an ActiveX control to install the update.
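
One way to check whether the kill-bit workarounds and the Flash update described above are in place on a system, as an added example that is not part of the original advisory. The registry paths, CLSID and KB number are the ones given on this page; the function name Get-KillBitState and the report layout are hypothetical, and the script assumes Windows PowerShell run on the machine being checked.

```powershell
# Added example: audit the Flash kill-bit workarounds and the Flash update.
# Registry paths, CLSID and KB number come from the advisory text;
# Get-KillBitState and the report columns are hypothetical names.

$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$KillBit    = 0x400          # "Compatibility Flags"=dword:00000400
$FlashKb    = 'KB4516115'    # security update listed for ADV190022

$Targets = @(
    @{ Name = 'IE, native registry view'
       Path = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid" }
    @{ Name = 'IE, Wow6432Node (32-bit view)'
       Path = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid" }
    @{ Name = 'Office COM compatibility'
       Path = "HKLM:\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\$FlashClsid" }
)

function Get-KillBitState {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [string] $Path
    )

    $flags = $null
    if (-not (Test-Path -LiteralPath $Path)) {
        $state = 'KeyMissing'            # workaround never applied, or undone
    }
    else {
        $prop = Get-ItemProperty -LiteralPath $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state = 'ValueMissing'      # key exists but has no flags value
        }
        else {
            $flags = $prop.'Compatibility Flags'
            # Other flag bits may be present; only the 0x400 bit matters here.
            if (($flags -band $KillBit) -eq $KillBit) { $state = 'KillBitSet' }
            else { $state = 'KillBitNotSet' }
        }
    }

    $flagsText = ''
    if ($null -ne $flags) { $flagsText = '0x{0:X8}' -f $flags }
    [pscustomobject]@{ Location = $Name; State = $state; Flags = $flagsText; Key = $Path }
}

# A 32-bit process on a 64-bit OS sees HKLM\SOFTWARE redirected to Wow6432Node,
# so the "native" row would silently report the 32-bit view.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Write-Warning '32-bit PowerShell on a 64-bit OS: the native registry view is not being checked.'
}

$report = foreach ($t in $Targets) {
    # Wow6432Node does not exist on a 32-bit OS; skip it rather than report a gap.
    if ($t.Path -like '*\Wow6432Node\*' -and -not [Environment]::Is64BitOperatingSystem) { continue }
    Get-KillBitState -Name $t.Name -Path $t.Path
}
$report | Format-Table -AutoSize -Wrap

# Get-HotFix only lists updates recorded as installed under this exact KB id.
$hotfix = Get-HotFix -Id $FlashKb -ErrorAction SilentlyContinue
if ($hotfix) {
    '{0} installed on {1}' -f $FlashKb, $hotfix.InstalledOn
} else {
    "$FlashKb not reported by Get-HotFix; confirm in your patch management tooling whether a later update replaced it."
}

$notBlocked = @($report | Where-Object { $_.State -ne 'KillBitSet' })
if (-not $hotfix -and $notBlocked.Count -gt 0) {
    $where = ($notBlocked | ForEach-Object { $_.Location }) -join '; '
    Write-Warning "Update not found and kill bit absent at: $where"
}
```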

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV190022

Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Adobe Flash Player on 2012 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 8.1 for 32-bit systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 8.1 for x64-based systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on R2 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows RT 8.1 | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1803 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1803 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1803 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1809 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1809 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1809 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1709 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1903 for 32-bit Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1903 for x64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Adobe Flash Player on Windows 10 Version 1903 for ARM64-based Systems | 4516115 Security Update | Critical | Remote Code Execution | 4503308 | Base: N/A; Temporal: N/A; Vector: N/A | Yes

ADV990001 - Latest Servicing Stack Updates

CVE ID: ADV990001 (MITRE, NVD)
Maximum Severity Rating: Critical
Vulnerability Impact: Defense in Depth

CVE Title: Latest Servicing Stack Updates

Description: This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

FAQ:

1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update.
2. When was the most recent SSU released for each version of Microsoft Windows? Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:

Product | SSU Package | Date Released
 | 4517134 | September 2019
/Server 2008 R2 | 4516655 | September 2019
Windows Server 2012 | 4512939 | September 2019
Windows 8.1/Server 2012 R2 | 4512938 | September 2019
Windows 10 | 4512573 | September 2019
/Server 2016 | 4512574 | September 2019
 | 4511839 | September 2019
Windows 10 1709 | 4512575 | September 2019
Windows 10 1803/Windows Server, version 1803 | 4512576 | September 2019
Windows 10 1809/Server 2019 | 4512577 | September 2019
Windows 10 1903/Windows Server, version 1903 | 4515383 | September 2019

Mitigations: None

Workarounds: None

Revision:

9.0 06/11/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server 2016, , and Windows Server 2019. See the FAQ section for more information.
10.0 06/14/2019 07:00:00 A Servicing Stack Update has been released for and Windows Server, version 1903 ( installation). See the FAQ section for more information.
12.0 07/24/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.
8.0 05/14/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version 1703, , Windows Server, version 1709, , Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for more information.
1.2 12/03/2018 08:00:00 FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only.
3.2 12/12/2018 08:00:00 Fixed a typo in the FAQ.
7.0 04/09/2019 07:00:00 A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows Server 2019 (Server Core installation). See the FAQ section for more information.
3.1 12/11/2018 08:00:00 Updated supersedence information. This is an informational change only.
6.0 03/12/2019 07:00:00 A Servicing Stack Update has been released for Windows 7 and and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information.
1.1 11/14/2018 08:00:00 Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only.
1.0 11/13/2018 08:00:00 Information published.
13.0 07/26/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information.
4.0 01/08/2019 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information.
5.1 02/13/2019 08:00:00 In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an informational change only.
14.0 09/10/2019 07:00:00 A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information.
3.0 12/11/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.
5.0 02/12/2019 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information.
2.0 12/05/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information.
11.0 07/09/2019 07:00:00 A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, and Windows Server 2012. See the FAQ section for more information.
5.2 02/14/2019 08:00:00 In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an informational change only.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV990001

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516655 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 | 4512939 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 (Server Core installation) | 4512939 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 8.1 for 32-bit systems | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 8.1 for x64-based systems | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 R2 | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4512938 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 for 32-bit Systems | 4512573 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 for x64-based Systems | 4512573 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2016 | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2016 (Server Core installation) | 4512574 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4511839 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4511839 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4512576 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 (Server Core installation) | 4512577 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4512575 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515383 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4517134 Servicing Stack Update | Critical | Defense in Depth | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2019-0787 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-0787 (MITRE, NVD)

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0787

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-0788 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-0788 (MITRE, NVD)

CVE Title: Remote Desktop Client Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0788

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-0928 - Windows Hyper-V Denial of Service Vulnerability

CVE ID: CVE-2019-0928 (MITRE, NVD)

CVE Title: Windows Hyper-V Denial of Service Vulnerability

Description: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.

The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.

Maximum Severity Rating: Important

Vulnerability Impact: Denial of Service

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0928

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Denial of Service | 4512497 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Denial of Service | 4512517 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Denial of Service | 4512507 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Denial of Service | 4512516 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Denial of Service | 4512501 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Denial of Service | 4512501 | Base: 5.4; Temporal: 4.9; Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1138 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1138 (MITRE, NVD)

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

Maximum Severity Rating: Moderate

Vulnerability Impact: Remote Code Execution

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1138

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1142 - .NET Framework Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1142 (MITRE, NVD)

CVE Title: .NET Framework Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run.

The update addresses the vulnerability by correcting how the .NET Framework CLR process logs data.

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

FAQ:

There are two updates for .NET Framework 3.5 installed on Windows 10 version 1809 and Windows Server 2019. How do I know which update I need to install?

The security updates for Windows 10 version 1809 and Windows Server 2019 include both .NET Framework 3.5 and 4.7.2 or 4.8. Customers running these versions of Windows 10 need to determine if they are also running .NET Framework 4.7.2 or .NET Framework 4.8. Install the security update that includes that second version of .NET Framework.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1142
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows RT 8.1 | 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2016 | 4514354 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 4514354 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 4514354 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 4514354 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems | 4514355 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems | 4514355 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems | 4514356 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems | 4514356 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems | 4514357 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems | 4514357 Security Update | Important | Elevation of Privilege | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) | 4514359 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 4514601 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4514598 Security Only; 4514603 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4514599 Security Only; 4514604 Monthly Rollup | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes

CVE-2019-1208 - VBScript Remote Code Execution Vulnerability

CVE ID: CVE-2019-1208 (MITRE, NVD)
CVE Title: VBScript Remote Code Execution Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1208
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes

CVE-2019-1209 - Lync 2013 Information Disclosure Vulnerability

CVE ID: CVE-2019-1209 (MITRE, NVD)
CVE Title: Lync 2013 Information Disclosure Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Description:
An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could read arbitrary files on the victim's machine.

To exploit the vulnerability, an attacker needs to instantiate a conference and modify the meeting link with malicious content and send the link to a victim.

The update addresses the vulnerability by changing how the URL is being resolved.

FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1209
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Lync Server 2013 | 4515509 Security Update | Important | Information Disclosure | - | Base: N/A; Temporal: N/A; Vector: N/A | Maybe

CVE-2019-1214 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1214 (MITRE, NVD)
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description:
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1214
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes

CVE-2019-1215 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1215 (MITRE, NVD)

CVE Title: Windows Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys () handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1215

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8, Temporal: 7, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1216 - DirectX Information Disclosure Vulnerability

CVE ID: CVE-2019-1216 (MITRE, NVD)

CVE Title: DirectX Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1216

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5, Temporal: 5.1, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C | Yes |

CVE-2019-1217 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1217 (MITRE, NVD)

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1217

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2, Temporal: 3.8, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1219 - Windows Transaction Manager Information Disclosure Vulnerability

CVE ID: CVE-2019-1219 (MITRE, NVD)

CVE Title: Windows Transaction Manager Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application.

The security update addresses the vulnerability by correcting how the Transaction Manager handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1219

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5, Temporal: 5, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1220 - Microsoft Browser Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1220 (MITRE, NVD)

CVE Title: Microsoft Browser Security Feature Bypass Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Security Feature Bypass

Description:

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.

To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.

The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Important | Security Feature Bypass | 4511872 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Important | Security Feature Bypass | 4512488 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Low | Security Feature Bypass | 4512517 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Low | Security Feature Bypass | 4511553 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Low | Security Feature Bypass | 4511872 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4516070 Security Update | Important | Security Feature Bypass | 4512497 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Low | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Security Feature Bypass | 4512517 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Security Feature Bypass | 4512507 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Security Feature Bypass | 4512501 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Low | Security Feature Bypass | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Security Feature Bypass | 4512516 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Security Feature Bypass | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1221 - Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1221 (MITRE, NVD)

CVE Title: Scripting Engine Memory Corruption Vulnerability

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1231 - Rome SDK Information Disclosure Vulnerability

CVE ID: CVE-2019-1231 (MITRE, NVD)

CVE Title: Rome SDK Information Disclosure Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

Description:

An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation. This vulnerability allows an unauthenticated attacker to establish connection with an invalid SSL/TLS server certificate.

To exploit this, an attacker would have to Man-In-The-Middle to intercept an established connection.

This security update addresses the issue by handling server SSL/TLS certificate validation correctly.

FAQ:

What versions of the Project Rome SDK are affected by this vulnerability?

Version 1.4.0 and all previous versions of the SDK are affected. Version 1.4.1 does not have the vulnerability.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Rome SDK 1.4.1 | Release Notes Security Update | Important | Information Disclosure | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1232 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1232 (MITRE, NVD)

CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

Description:

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.

The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio 2015 Update 3 | 4513696 Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Visual Studio 2017 version 15.9 | Release Notes Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Visual Studio 2017 version 15.0 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Visual Studio 2019 version 16.0 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Visual Studio 2019 version 16.2 | Release Notes Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1233 - Microsoft Exchange Denial of Service Vulnerability

CVE ID: CVE-2019-1233 (MITRE, NVD)
CVE Title: Microsoft Exchange Denial of Service Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Description: A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange Server handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1233

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4515832 Security Update | Important | Denial of Service | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4515832 Security Update | Important | Denial of Service | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 4515832 Security Update | Important | Denial of Service | 4509408 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 4515832 Security Update | Important | Denial of Service | 4509409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1235 - Windows Text Service Framework Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1235 (MITRE, NVD)
CVE Title: Windows Text Service Framework Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description: An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses this vulnerability by correcting how the TSF server and client validate input from each other.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1235

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1236 - VBScript Remote Code Execution Vulnerability

CVE ID: CVE-2019-1236 (MITRE, NVD)
CVE Title: VBScript Remote Code Execution Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1236

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516065 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4516067 Monthly Rollup; 4516046 IE Cumulative | Critical | Remote Code Execution | 4511872 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4516067 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4516055 Monthly Rollup; 4516046 IE Cumulative | Moderate | Remote Code Execution | 4511872 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1237 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1237 (MITRE, NVD)
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1237

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1240 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1240 (MITRE, NVD)
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1240

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1241 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1241 (MITRE, NVD)
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1241

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1242 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1242 (MITRE, NVD)
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1242

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 (Security Only), 4516065 (Monthly Rollup) | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 (Monthly Rollup), 4516062 (Security Only) | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 (Security Only), 4516067 (Monthly Rollup) | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup), 4516051 (Security Only) | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1243 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1243 (MITRE, NVD)
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1243

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1244 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1244 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: DirectWrite Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1244

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1245 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1245 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: DirectWrite Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1245

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1246 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1246 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1246

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4475599 Security Update | Important | Remote Code Execution | 4475506 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4475599 Security Update | Important | Remote Code Execution | 4475506 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4475611 Security Update | Important | Remote Code Execution | 4464599 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4475611 Security Update | Important | Remote Code Execution | 4464599 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4475611 Security Update | Important | Remote Code Execution | 4464599 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2016 (32-bit edition) | 4475591 Security Update | Important | Remote Code Execution | 4475538 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4475591 Security Update | Important | Remote Code Execution | 4475538 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Remote Code Execution | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Remote Code Execution | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Remote Code Execution | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Remote Code Execution | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1247 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1247

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1247

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1248 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1248

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1248

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1249 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1249

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Maximum Severity Rating: Important

Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1249

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1250 - Jet Database Engine Remote Code Execution Vulnerability

CVE ID: CVE-2019-1250 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

CVE Title: Jet Database Engine Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1250

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Remote Code Execution | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Remote Code Execution | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Remote Code Execution | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Remote Code Execution | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Remote Code Execution | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Remote Code Execution | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Remote Code Execution | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Remote Code Execution | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Remote Code Execution | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Remote Code Execution | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Remote Code Execution | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1251 - DirectWrite Information Disclosure Vulnerability

CVE ID: CVE-2019-1251 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: DirectWrite Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1251

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1252 - Windows GDI Information Disclosure Vulnerability

CVE ID: CVE-2019-1252 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Windows GDI Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1252

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64- | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1252 based Systems Windows 10 4515384 Base: 5.5 Version Security Information Temporal: 5 Important 4512508 Yes 1903 for 32- Update Disclosure Vector: bit Systems CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Windows 10 4515384 Base: 5.5 Version Security Information Temporal: 5 1903 for Important 4512508 Yes Update Disclosure Vector: x64-based CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Systems Windows 10 Version 4515384 Base: 5.5 1903 for Security Information Temporal: 5 Important 4512508 Yes ARM64- Update Disclosure Vector: based CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Systems Windows Server, 4515384 Base: 5.5 version Security Information Temporal: 5 Important 4512508 Yes 1903 Update Disclosure Vector: (Server Core CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C installation)

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1252 Windows 4516026 Server 2008 Monthly Base: 5.5 for Itanium- Rollup Information Temporal: 5 Based 4516051 Important 4512476 Yes Disclosure Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Service Only Pack 2 4516026 Windows Monthly Server 2008 Base: 5.5 Rollup for 32-bit Information Temporal: 5 4516051 Important 4512476 Yes Systems Disclosure Vector: Security Service CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Only Pack 2

Windows 4516026 Server 2008 Monthly Base: 5.5 for x64- Rollup Information Temporal: 5 based 4516051 Important 4512476 Yes Disclosure Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Service Only Pack 2 Windows 4516026 Information Base: 5.5 Important 4512476 Yes Server 2008 Monthly Disclosure Temporal: 5

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1252 for x64- Rollup Vector: based 4516051 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C Systems Security Service Only Pack 2 (Server Core installation)

CVE-2019-1253 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1253 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1253

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1254 - Windows Hyper-V Information Disclosure Vulnerability

CVE ID: CVE-2019-1254 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Information Disclosure

CVE Title: Windows Hyper-V Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory.

To exploit the vulnerability, an attacker would first require access to a Hyper-V host.

The security update addresses the vulnerability by ensuring Hyper-V properly initializes memory before writing it to disk.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1254

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1256 - Win32k Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1256 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Win32k Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1256

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability

CVE ID: CVE-2019-1257 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1257

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 Security Update | Critical | Remote Code Execution | 4475575 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Critical | Remote Code Execution | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Critical | Remote Code Execution | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Critical | Remote Code Execution | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1259 - Microsoft SharePoint Spoofing Vulnerability

CVE ID: CVE-2019-1259 (MITRE, NVD)

Maximum Severity Rating: Moderate

Vulnerability Impact: Spoofing

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description: A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1259

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Moderate | Spoofing | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1260 - Microsoft SharePoint Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1260 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Elevation of Privilege

CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1260

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 Security Update | Important | Elevation of Privilege | 4475575 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update; 4484099 Security Update | Important | Elevation of Privilege | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update; 4475594 Security Update | Important | Elevation of Privilege | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4464557 Security Update; 4475596 Security Update | Important | Elevation of Privilege | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1261 - Microsoft SharePoint Spoofing Vulnerability

CVE ID: CVE-2019-1261 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

CVE Title: Microsoft SharePoint Spoofing Vulnerability

Description: A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).

To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1261

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Important | Spoofing | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Important | Spoofing | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Important | Spoofing | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1262 - Microsoft Office SharePoint XSS Vulnerability

CVE ID: CVE-2019-1262 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

CVE Title: Microsoft Office SharePoint XSS Vulnerability

Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

@NSFOCUS 2019 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1262

CVSS Score Set (identical for every product in this table): Base: N/A; Temporal: N/A; Vector: N/A

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Important | Spoofing | 4475565 | Maybe |

CVE-2019-1263 - Microsoft Excel Information Disclosure Vulnerability

CVE ID: CVE-2019-1263 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Microsoft Excel Information Disclosure Vulnerability

Description:
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data.

To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.

The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1263

CVSS Score Set (identical for every product in this table): Base: N/A; Temporal: N/A; Vector: N/A

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4475574 Security Update | Important | Information Disclosure | 4464572 | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4475574 Security Update | Important | Information Disclosure | 4464572 | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4475566 Security Update | Important | Information Disclosure | 4464565 | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4475566 Security Update | Important | Information Disclosure | 4464565 | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4475566 Security Update | Important | Information Disclosure | 4464565 | Maybe |
| Microsoft Office 2016 for Mac | Release Notes Security Update | Important | Information Disclosure | 4464565 | No |
| Microsoft Excel 2016 (32-bit edition) | 4475579 Security Update | Important | Information Disclosure | 4475513 | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4475579 Security Update | Important | Information Disclosure | 4475513 | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Information Disclosure | 4475513 | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Information Disclosure | 4475513 | No |
| Microsoft Office 2019 for Mac | Release Notes Security Update | Important | Information Disclosure | 4475513 | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Information Disclosure | 4475513 | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Information Disclosure | 4475513 | No |

CVE-2019-1264 - Microsoft Office Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1264 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

CVE Title: Microsoft Office Security Feature Bypass Vulnerability

Description:
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell.

The update addresses the vulnerability by correcting how Microsoft Office handles input.

FAQ:
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1264

CVSS Score Set (identical for every product in this table): Base: N/A; Temporal: N/A; Vector: N/A

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Microsoft Project 2010 Service Pack 2 (32-bit editions) | 4461631 Security Update | Important | Security Feature Bypass | 4022147 | Maybe |
| Microsoft Project 2010 Service Pack 2 (64-bit editions) | 4461631 Security Update | Important | Security Feature Bypass | 4022147 | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4464566 Security Update | Important | Security Feature Bypass | 4462223 | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4464566 Security Update | Important | Security Feature Bypass | 4462223 | Maybe |
| Service Pack 1 (32-bit editions) | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4475607 Security Update | Important | Security Feature Bypass | 4464558 | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4475583 Security Update | Important | Security Feature Bypass | 4462242 | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4475583 Security Update | Important | Security Feature Bypass | 4462242 | Maybe |
| Microsoft Project 2016 (32-bit edition) | 4475589 Security Update | Important | Security Feature Bypass | 4461478 | Maybe |
| Microsoft Project 2016 (64-bit edition) | 4475589 Security Update | Important | Security Feature Bypass | 4461478 | Maybe |
| Microsoft Project 2013 Service Pack 1 (32-bit editions) | 4464548 Security Update | Important | Security Feature Bypass | 4461489 | Maybe |
| Microsoft Project 2013 Service Pack 1 (64-bit editions) | 4464548 Security Update | Important | Security Feature Bypass | 4461489 | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Security Feature Bypass | 4461489 | No |

CVE-2019-1265 - Microsoft Yammer Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1265 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

CVE Title: Microsoft Yammer Security Feature Bypass Vulnerability

Description:
A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy.

The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App.

FAQ:
How do I get the update for Yammer for Android?

1. Tap the Google Play icon on your home screen.
2. Swipe in from the left edge of the screen.
3. Tap My apps & games.
4. Tap the Update box next to the Yammer app.

Is there a direct link on the web?
Yes: https://play.google.com/store/apps/details?id=com.yammer.v1&hl=en_US

What versions of the Yammer for Android App contain the fix for this vulnerability?
Yammer for Android App versions 5.6.10 or higher are not affected by this vulnerability.

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1265

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Yammer for Android | | Important | Security Feature Bypass | | Base: N/A; Temporal: N/A; Vector: N/A | |

CVE-2019-1266 - Microsoft Exchange Spoofing Vulnerability

CVE ID: CVE-2019-1266 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

CVE Title: Microsoft Exchange Spoofing Vulnerability

Description:
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services.

To exploit the vulnerability, an attacker could send a specially crafted email containing a malicious link to a user. An attacker could also use a chat client to social engineer a user into clicking the malicious link. However, in both examples the user must click the malicious link.

The security update addresses the vulnerability by correcting how OWA validates web requests.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1266

CVSS Score Set (identical for every product in this table): Base: N/A; Temporal: N/A; Vector: N/A

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4515832 Security Update | Important | Spoofing | 4509409 | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4515832 Security Update | Important | Spoofing | 4509408 | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 4515832 Security Update | Important | Spoofing | 4509408 | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 4515832 Security Update | Important | Spoofing | 4509409 | Maybe |

CVE-2019-1267 - Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1267 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses the vulnerability by writing the file to a location with an appropriate Access Control List.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1267

CVSS Score Set (identical for every product in this table): Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |

CVE-2019-1268 - Winlogon Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1268 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Winlogon Elevation of Privilege Vulnerability

Description:
An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how Winlogon handles path information.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1268

CVSS Score Set (identical for every product in this table): Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C

| Product | KB Article | Severity | Impact | Supersedence | Restart Required |
|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Yes |

CVE-2019-1269 - Windows ALPC Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1269 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1269

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |


CVE-2019-1270 - Microsoft Windows Store Installer Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1270 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Microsoft Windows Store Installer Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists in the Windows Store installer, where the WindowsApps directory is vulnerable to a symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and add or remove files.

The security update addresses the vulnerability by not allowing reparse points in the WindowsApps directory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1270

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |

CVE-2019-1271 - Windows Media Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1271 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Media Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the reserved region.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1271

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:P/RL:O/RC:C | Yes |


CVE-2019-1272 - Windows ALPC Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1272 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Windows ALPC Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1272

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |

CVE-2019-1273 - Active Directory Federation Services XSS Vulnerability

CVE ID: CVE-2019-1273 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing

CVE Title: Active Directory Federation Services XSS Vulnerability

Description:
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1273

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Spoofing | 4512501 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Spoofing | 4511553 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Spoofing | 4512508 | Base: 8.2; Temporal: 7.4; Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1274 - Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2019-1274 (MITRE, NVD)
CVE Title: Windows Kernel Information Disclosure Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1274

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 6.3; Temporal: 5.7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |

CVE-2019-1277 - Windows Audio Service Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1277 (MITRE, NVD)
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description: An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability.

To exploit the vulnerability, an attacker could run a specially crafted application locally. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.

The update addresses the vulnerability by correcting how the Windows Audio Service handles these parameters.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1277

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1278 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1278 (MITRE, NVD)
CVE Title: Windows Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description: An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1278

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1280 - LNK Remote Code Execution Vulnerability

CVE ID: CVE-2019-1280 (MITRE, NVD)
CVE Title: LNK Remote Code Execution Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice, on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK references.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1280

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Critical | Remote Code Execution | 4512476 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 | 4515384 Security | Critical | Remote Code Execution | 4512508 | Base: 7.3; Temporal: 6.6 | Yes |

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1280 for ARM64- Update Vector: based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4515384 Base: 7.3 Server, Remote Security Temporal: 6.6 version 1903 Critical Code 4512508 Yes Update Vector: (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4516026 Windows Monthly Server 2008 Base: 7.3 Rollup Remote for Itanium- Temporal: 6.6 4516051 Critical Code 4512476 Yes Based Vector: Security Execution Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack 2

4516026 Windows Monthly Base: 7.3 Server 2008 Rollup Remote Temporal: 6.6 for 32-bit 4516051 Critical Code 4512476 Yes Vector: Systems Security Execution CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack 2 Only

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1280 4516026 Windows Monthly Base: 7.3 Server 2008 Rollup Remote Temporal: 6.6 for x64-based 4516051 Critical Code 4512476 Yes Vector: Systems Security Execution CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack 2 Only

Windows 4516026 Server 2008 Monthly Base: 7.3 for x64-based Rollup Remote Temporal: 6.6 Systems 4516051 Critical Code 4512476 Yes Vector: Service Pack 2 Security Execution CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (Server Core Only installation)


CVE-2019-1282 - Windows Common Log File System Driver Information Disclosure Vulnerability

CVE ID: CVE-2019-1282 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability

Description: An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application.

The security update addresses the vulnerability by correcting how CLFS handles sandbox checks.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1282

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1283 - Microsoft Graphics Components Information Disclosure Vulnerability

CVE ID: CVE-2019-1283 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.

To exploit the vulnerability, a user would have to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1283

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |


CVE-2019-1284 - DirectX Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1284 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: DirectX Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1284

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1285 - Win32k Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1285 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Win32k Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1285

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Elevation of Privilege | 4512506 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Elevation of Privilege | 4512476 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |


CVE-2019-1286 - Windows GDI Information Disclosure Vulnerability

CVE ID: CVE-2019-1286 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Windows GDI Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1286
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 Monthly Rollup; 4516051 Security Only | Important | Information Disclosure | 4512476 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2019-1287 - Windows Network Connectivity Assistant Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1287 (MITRE, NVD)
CVE Title: Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description: An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring the Windows Network Connectivity Assistant properly handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.


CVE-2019-1287
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Important | Elevation of Privilege | 4512518 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Important | Elevation of Privilege | 4512488 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes


CVE-2019-1289 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1289 (MITRE, NVD)
CVE Title: Windows Update Delivery Optimization Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Description: An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has.

To exploit this vulnerability, an attacker would need to log into a system. The attacker could then create a Delivery Optimization job to exploit the vulnerability.

The security update addresses the vulnerability by correcting how the Delivery Optimization service enforces permissions.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1289
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 10 for 32-bit Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Important | Elevation of Privilege | 4512497 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Important | Elevation of Privilege | 4512517 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes

CVE-2019-1290 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-1290 (MITRE, NVD)
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1290
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 Security Only; 4516065 Monthly Rollup | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4516055 Monthly Rollup; 4516062 Security Only | Critical | Remote Code Execution | 4512518 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4516064 Security Only; 4516067 Monthly Rollup | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server 2019 (Server Core installation) | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes

@NSFOCUS 2019 http://www.nsfocus.com

CVE-2019-1291 - Remote Desktop Client Remote Code Execution Vulnerability

CVE ID: CVE-2019-1291 (MITRE, NVD)
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.

The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1291

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 (Security Only); 4516065 (Monthly Rollup) | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Critical | Remote Code Execution | 4512506 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup); 4516051 (Security Only) | Critical | Remote Code Execution | 4512476 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 (Monthly Rollup); 4516062 (Security Only) | Critical | Remote Code Execution | 4512518 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 (Monthly Rollup); 4516062 (Security Only) | Critical | Remote Code Execution | 4512518 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 (Security Only); 4516067 (Monthly Rollup) | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 (Security Only); 4516067 (Monthly Rollup) | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 (Security Only); 4516067 (Monthly Rollup) | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 (Monthly Rollup) | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 (Security Only); 4516067 (Monthly Rollup) | Critical | Remote Code Execution | 4512488 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Critical | Remote Code Execution | 4512497 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Critical | Remote Code Execution | 4512517 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Critical | Remote Code Execution | 4512507 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Critical | Remote Code Execution | 4512501 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Critical | Remote Code Execution | 4511553 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Critical | Remote Code Execution | 4512516 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Critical | Remote Code Execution | 4512508 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4516026 (Monthly Rollup); 4516051 (Security Only) | Critical | Remote Code Execution | 4512476 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4516026 (Monthly Rollup); 4516051 (Security Only) | Critical | Remote Code Execution | 4512476 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4516026 (Monthly Rollup); 4516051 (Security Only) | Critical | Remote Code Execution | 4512476 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4516026 (Monthly Rollup); 4516051 (Security Only) | Critical | Remote Code Execution | 4512476 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1292 - Windows Denial of Service Vulnerability

CVE ID: CVE-2019-1292 (MITRE, NVD)
CVE Title: Windows Denial of Service Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.

The update addresses the vulnerability by correcting how Windows handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1292

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Important | Denial of Service | 4512497 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Important | Denial of Service | 4512497 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Important | Denial of Service | 4512517 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Important | Denial of Service | 4512517 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Important | Denial of Service | 4512517 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Important | Denial of Service | 4512517 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Important | Denial of Service | 4512507 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Important | Denial of Service | 4512507 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Important | Denial of Service | 4512516 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Important | Denial of Service | 4512516 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Denial of Service | 4512501 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Denial of Service | 4512501 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Denial of Service | 4512501 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Denial of Service | 4512501 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Denial of Service | 4511553 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Denial of Service | 4511553 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Denial of Service | 4511553 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Denial of Service | 4511553 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Denial of Service | 4511553 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Important | Denial of Service | 4512516 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Denial of Service | 4512508 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Denial of Service | 4512508 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Denial of Service | 4512508 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Denial of Service | 4512508 | Base: 5.8; Temporal: 5.2; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |

CVE-2019-1293 - Windows SMB Client Driver Information Disclosure Vulnerability

CVE ID: CVE-2019-1293 (MITRE, NVD)
CVE Title: Windows SMB Client Driver Information Disclosure Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Description: An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.

To exploit this vulnerability, an attacker would have to log on to the system first and then run a specially crafted application in user mode.

The security update addresses the vulnerability by correcting how the Windows SMB Client kernel-mode driver handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1293

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4516033 (Security Only); 4516065 (Monthly Rollup) | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4516033 (Security Only); 4516065 (Monthly Rollup) | Important | Information Disclosure | 4512506 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4516055 (Monthly Rollup); 4516062 (Security Only) | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4516055 (Monthly Rollup); 4516062 (Security Only) | Important | Information Disclosure | 4512518 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4516064 (Security Only); 4516067 (Monthly Rollup) | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4516064 (Security Only); 4516067 (Monthly Rollup) | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4516064 (Security Only); 4516067 (Monthly Rollup) | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4516067 (Monthly Rollup) | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4516064 (Security Only); 4516067 (Monthly Rollup) | Important | Information Disclosure | 4512488 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4516070 (Security Update) | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4516070 (Security Update) | Important | Information Disclosure | 4512497 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4516044 (Security Update) | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4516044 (Security Update) | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4516044 (Security Update) | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4516044 (Security Update) | Important | Information Disclosure | 4512517 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4516068 (Security Update) | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 (Security Update) | Important | Information Disclosure | 4512507 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 (Security Update) | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 (Security Update) | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Information Disclosure | 4512501 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Information Disclosure | 4511553 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 (Security Update) | Important | Information Disclosure | 4512516 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Information Disclosure | 4512508 | Base: 5.5; Temporal: 5; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1294 - Windows Secure Boot Security Feature Bypass Vulnerability

CVE ID: CVE-2019-1294 (MITRE, NVD)
CVE Title: Windows Secure Boot Security Feature Bypass Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Description: A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory.

To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.

The security update addresses the vulnerability by preventing access to certain debugging options when Windows Secure Boot is enabled.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1294

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 4516058 (Security Update) | Important | Security Feature Bypass | 4512501 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 (Security Update) | Important | Security Feature Bypass | 4512501 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 (Security Update) | Important | Security Feature Bypass | 4512501 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 (Security Update) | Important | Security Feature Bypass | 4512501 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 (Security Update) | Important | Security Feature Bypass | 4511553 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 (Security Update) | Important | Security Feature Bypass | 4511553 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 (Security Update) | Important | Security Feature Bypass | 4511553 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 4512578 (Security Update) | Important | Security Feature Bypass | 4511553 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 (Security Update) | Important | Security Feature Bypass | 4511553 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 (Security Update) | Important | Security Feature Bypass | 4512508 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 (Security Update) | Important | Security Feature Bypass | 4512508 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 (Security Update) | Important | Security Feature Bypass | 4512508 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 (Security Update) | Important | Security Feature Bypass | 4512508 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1295 - Microsoft SharePoint Remote Code Execution Vulnerability

CVE ID: CVE-2019-1295 (MITRE, NVD)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Description:
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.

The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.

FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1295

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 Security Update | Critical | Remote Code Execution | 4475575 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Critical | Remote Code Execution | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Critical | Remote Code Execution | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Critical | Remote Code Execution | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1296 - Microsoft SharePoint Remote Code Execution Vulnerability

CVE ID: CVE-2019-1296 (MITRE, NVD)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability

Description:
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.

The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.

FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1296

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 Security Update | Critical | Remote Code Execution | 4475565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4475590 Security Update | Critical | Remote Code Execution | 4475549 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 Security Update | Critical | Remote Code Execution | 4475555 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1297 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2019-1297 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

CVE Title: Microsoft Excel Remote Code Execution Vulnerability

Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1297

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4475574 Security Update | Important | Remote Code Execution | 4464572 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4475574 Security Update | Important | Remote Code Execution | 4464572 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4475566 Security Update | Important | Remote Code Execution | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4475566 Security Update | Important | Remote Code Execution | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4475566 Security Update | Important | Remote Code Execution | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 for Mac | Release Notes Security Update | Important | Remote Code Execution | 4464565 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Excel 2016 (32-bit edition) | 4475579 Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4475579 Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Office 2019 for Mac | Release Notes Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run Security Update | Important | Remote Code Execution | 4475513 | Base: N/A; Temporal: N/A; Vector: N/A | No |

CVE-2019-1298 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1298 (MITRE, NVD)
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1298

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1299 - Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

CVE ID: CVE-2019-1299 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVE Title: Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

Description:
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The update addresses the vulnerability by modifying how Microsoft Edge based on Edge HTML handles objects in memory.

FAQ:
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information.

Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1299

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Important | Information Disclosure | 4511553 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Information Disclosure | 4512508 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2019-1300 - Chakra Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2019-1300 (MITRE, NVD)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability

Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1300

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4516070 Security Update | Critical | Remote Code Execution | 4512497 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4516044 Security Update | Moderate | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4516044 Security Update | Critical | Remote Code Execution | 4512517 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Critical | Remote Code Execution | 4512507 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Critical | Remote Code Execution | 4512501 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Critical | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4512578 Security Update | Moderate | Remote Code Execution | 4511553 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Critical | Remote Code Execution | 4512516 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Release Notes Security Update | Critical | Remote Code Execution | 4512508 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Maybe |

CVE-2019-1301 - .NET Core Denial of Service Vulnerability

CVE ID: CVE-2019-1301 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

CVE Title: .NET Core Denial of Service Vulnerability

Description:
A denial of service vulnerability exists when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application.

The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1301

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| .NET Core 2.1 | Release Notes Security Update | Important | Denial of Service | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| .NET Core 2.2 | Release Notes Security Update | Important | Denial of Service | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1302 - ASP.NET Core Elevation Of Privilege Vulnerability

CVE ID: CVE-2019-1302 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: ASP.NET Core Elevation Of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user.

To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker.

The security update addresses the vulnerability by correcting the ASP.NET Core project templates.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1302

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| ASP.NET Core 2.1 | Release Notes Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| ASP.NET Core 2.2 | Release Notes Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| ASP.NET Core 3.0 | Release Notes Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2019-1303 - Windows Elevation of Privilege Vulnerability

CVE ID: CVE-2019-1303 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVE Title: Windows Elevation of Privilege Vulnerability

Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1303

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1703 for 32-bit Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4516068 Security Update | Important | Elevation of Privilege | 4512507 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4516058 Security Update | Important | Elevation of Privilege | 4512501 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server 2019 (Server Core installation) | 4512578 Security Update | Important | Elevation of Privilege | 4511553 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4516066 Security Update | Important | Elevation of Privilege | 4512516 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for x64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Windows Server, version 1903 (Server Core installation) | 4515384 Security Update | Important | Elevation of Privilege | 4512508 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2019-1305 - Team Foundation Server Cross-site Scripting Vulnerability

CVE ID: CVE-2019-1305 (MITRE, NVD)

Maximum Severity Rating: Important

Vulnerability Impact: Spoofing

CVE Title: Team Foundation Server Cross-site Scripting Vulnerability

Description:

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.

The security update addresses the vulnerability by ensuring that Team Foundation Server sanitizes user inputs.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.


Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1305

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Team Foundation Server 2017 Update 3.1 | Release Notes Security Update | Important | Spoofing | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Team Foundation Server 2018 Update 1.2 | Release Notes Security Update | Important | Spoofing | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Team Foundation Server 2018 Update 3.2 | Release Notes Security Update | Important | Spoofing | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Team Foundation Server 2015 Update 4.2 | Release Notes Security Update | Important | Spoofing | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Azure DevOps Server 2019.0.1 | Release Notes Security Update | Important | Spoofing | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |


CVE-2019-1306 - Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability

CVE ID: CVE-2019-1306 (MITRE, NVD)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

CVE Title: Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability

Description:

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly. An attacker who successfully exploited this vulnerability could execute code on the server in the context of the TFS or ADO service account.

To exploit the vulnerability, an attacker would need to upload a specially-crafted file to a vulnerable ADO or TFS server repo and wait for the system to index the file.

The security update addresses the vulnerability by correcting how ADO and TFS index files.

FAQ: None

Mitigations: None

Workarounds: None

Revision: 1.0 09/10/2019 07:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1306

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Team Foundation Server 2018 Update 3.2 | Release Notes Security Update | Critical | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Azure DevOps Server 2019.0.1 | Release Notes Security Update | Critical | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Azure DevOps Server 2019 Update 1 | Release Notes Security Update | Critical | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

Statement ======

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS ======

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company's Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.


NSFOCUS works with Fortune Global 500 companies, including four of the world's five largest financial institutions, organizations in the insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
