Microsoft's January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

Overview

Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Servicing Stack Updates, Visual Studio, Windows COM, Windows DHCP Client, Windows Hyper-V, Windows Kernel, and Windows Subsystem for Linux. Details can be found in the following table. Product CVE ID CVE Title Severity Level

.NET Framework .NET Framework CVE-2019-0545 Information Disclosure Important Vulnerability

Adobe Flash Player ADV190001 January 2019 Adobe Flash Update Unknown

Skype for Android Privilege Android App CVE-2019-0622 Moderate Escalation Vulnerability

ASP.NET Core Denial-of-Service ASP.NET CVE-2019-0548 Important Vulnerability

ASP.NET Core Denial-of-Service ASP.NET CVE-2019-0564 Important Vulnerability

MSHTML Engine Remote Code Internet Explorer CVE-2019-0541 Important Execution Vulnerability

Microsoft Edge Memory Microsoft Edge CVE-2019-0565 Critical Corruption Vulnerability

Microsoft Edge Privilege Microsoft Edge CVE-2019-0566 Important Escalation Vulnerability

Microsoft Exchange Memory Microsoft Exchange Server CVE-2019-0586 Important Corruption Vulnerability

Microsoft Exchange Microsoft Exchange Server CVE-2019-0588 Information Disclosure Important Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0538 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0575 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0576 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0577 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0578 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0579 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0580 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0581 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0582 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0583 Important Execution Vulnerability

Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0584 Important Execution Vulnerability

Microsoft Word Remote Code Microsoft Office CVE-2019-0585 Important Execution Vulnerability

Microsoft Outlook Microsoft Office CVE-2019-0559 Information Disclosure Important Vulnerability

Microsoft Office Microsoft Office CVE-2019-0560 Information Disclosure Important Vulnerability

Microsoft Word Microsoft Office CVE-2019-0561 Information Disclosure Important Vulnerability

Microsoft Office SharePoint XSS Microsoft Office SharePoint CVE-2019-0556 Important Vulnerability

Microsoft Office SharePoint XSS Microsoft Office SharePoint CVE-2019-0557 Important Vulnerability

Microsoft Office SharePoint XSS Microsoft Office SharePoint CVE-2019-0558 Important Vulnerability

Microsoft SharePoint Privilege Microsoft Office SharePoint CVE-2019-0562 Important Escalation Vulnerability

Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-0539 Critical Corruption Vulnerability

Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-0567 Critical Corruption Vulnerability

Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-0568 Critical Corruption Vulnerability

Microsoft Windows Privilege Microsoft Windows CVE-2019-0543 Important Escalation Vulnerability

Windows Runtime Privilege Microsoft Windows CVE-2019-0570 Important Escalation Vulnerability

Windows Data Sharing Service Microsoft Windows CVE-2019-0571 Important Privilege Escalation Vulnerability

Windows Data Sharing Service Microsoft Windows CVE-2019-0572 Important Privilege Escalation Vulnerability

Windows Data Sharing Service Microsoft Windows CVE-2019-0573 Important Privilege Escalation Vulnerability

Windows Data Sharing Service Microsoft Windows CVE-2019-0574 Important Privilege Escalation Vulnerability

Microsoft XmlDocument Privilege Microsoft XML CVE-2019-0555 Important Escalation Vulnerability

Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical

Microsoft Visual Studio Visual Studio CVE-2019-0537 Information Disclosure Important Vulnerability

Visual Studio Remote Code Visual Studio CVE-2019-0546 Moderate Execution Vulnerability

Windows COM Privilege Windows COM CVE-2019-0552 Important Escalation Vulnerability

Windows DHCP Client Remote Windows DHCP Client CVE-2019-0547 Critical Code Execution Vulnerability

Windows Hyper-V Remote Code Windows Hyper-V CVE-2019-0550 Critical Execution Vulnerability

Windows Hyper-V Remote Code Windows Hyper-V CVE-2019-0551 Critical Execution Vulnerability

Windows Kernel Windows Kernel CVE-2019-0536 Information Disclosure Important Vulnerability

Windows Kernel Windows Kernel CVE-2019-0549 Information Disclosure Important Vulnerability

Windows Kernel Windows Kernel CVE-2019-0554 Information Disclosure Important Vulnerability

Windows Kernel Windows Kernel CVE-2019-0569 Information Disclosure Important Vulnerability

Windows Subsystem for Linux Windows Subsystem for Linux CVE-2019-0553 Information Disclosure Important Vulnerability

Recommended Mitigation Measure

Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.

Appendix

ADV190001 - January 2019 Adobe Flash Update

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact ADV190001 CVE Title: January 2019 Adobe Flash Update MITRE Unknown Unknown Description: NVD

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact This update does not address any security vulnerabilities. For more information, please see APSB19-01. Note: Please disregard mentions of security or vulnerability in this advisory. These are hardcoded titles that we were unable to change for this non-security Adobe Flash update.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV190001 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4480979 Temporal: Adobe Flash Player on Windows Server 2012 Update 4471331 Yes N/A

Vector: N/A Base: N/A 4480979 Temporal: Adobe Flash Player on Windows 8.1 for 32-bit systems Update 4471331 Yes N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 8.1 for x64-based Temporal: Update 4471331 Yes systems N/A

Vector: N/A Base: N/A 4480979 Temporal: Adobe Flash Player on Windows Server 2012 R2 Update 4471331 Yes N/A

Vector: N/A Base: N/A 4480979 Temporal: Adobe Flash Player on Windows RT 8.1 Update 4471331 Yes N/A

Vector: N/A

ADV190001 Base: N/A 4480979 Temporal: Adobe Flash Player on Windows 10 for 32-bit Systems Update 4471331 Yes N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 for x64-based Temporal: Update 4471331 Yes Systems N/A

Vector: N/A Base: N/A 4480979 Temporal: Adobe Flash Player on Windows Server 2016 Update 4471331 Yes N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1607 for 32- Temporal: Update 4471331 Yes bit Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1607 for Temporal: Update 4471331 Yes x64-based Systems N/A

Vector: N/A 4480979 Adobe Flash Player on Windows 10 Version 1703 for 32- Base: N/A Update 4471331 Yes bit Systems Temporal:

ADV190001 N/A Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1703 for Temporal: Update 4471331 Yes x64-based Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1709 for 32- Temporal: Update 4471331 Yes bit Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1709 for Temporal: Update 4471331 Yes x64-based Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1803 for 32- Temporal: Update 4471331 Yes bit Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1803 for Temporal: Update 4471331 Yes x64-based Systems N/A

Vector: N/A

ADV190001 Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1803 for Temporal: Update 4471331 Yes ARM64-based Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1809 for 32- Temporal: Update 4471331 Yes bit Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1809 for Temporal: Update 4471331 Yes x64-based Systems N/A

Vector: N/A Base: N/A 4480979 Adobe Flash Player on Windows 10 Version 1809 for Temporal: Update 4471331 Yes ARM64-based Systems N/A

Vector: N/A Base: N/A 4480979 Temporal: Adobe Flash Player on Windows Server 2019 Update 4471331 Yes N/A

Vector: N/A 4480979 Adobe Flash Player on Windows 10 Version 1709 for Base: N/A Update 4471331 Yes ARM64-based Systems Temporal:

ADV190001 N/A Vector: N/A

ADV990001 - Latest Servicing Stack Updates

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Latest Servicing Stack Updates Description: This is a list of the latest servicing stack updates for each operating sytem. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. ADV990001 Defense MITRE Critical FAQ: in Depth NVD 1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update. 2. When was the most recent SSU released for each version of Microsoft Windows?

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:

Product SSU Package Date Released Windows Server 2008 955430 May 2009 Windows 7/Server 2008 R2 3177467 October 2018 Windows Server 2012 3173426 July 2016 Windows 8.1/Server 2012 R2 3173424 July 2016 Windows 10 4093430 April 2018 Windows 10 Version 1607/Server 2016 4465659 November 2018 Windows 10 Version 1703 4486458 January 2019 Windows 10 1709/Windows Server, version 1709 4477136 December 2018 Windows 10 1803/Windows Server, version 1803 4477137 December 2018 Windows 10 1809/Server 2019 4470788 December 2018

Mitigations: None Workarounds: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Revision: 2.0 12/05/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 1.0 11/13/2018 08:00:00 Information published. 1.1 11/14/2018 08:00:00 Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only. 2.0 12/05/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 4.0 01/08/2019 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information. 1.2 12/03/2018 08:00:00 FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only.

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating 3.1 12/11/2018 08:00:00 Updated supersedence information. This is an informational change only. 3.0 12/11/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 3.2 12/12/2018 08:00:00 Fixed a typo in the FAQ.

Affected Software

The following tables list the affected software details for the vulnerability.

ADV990001 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required

ADV990001 Base: N/A 3177467 Servicing Defense Temporal: Windows 7 for 32-bit Systems Service Pack 1 Stack Update Critical Yes in Depth N/A

Vector: N/A Base: N/A 3177467 Servicing Windows 7 for x64-based Systems Service Pack Defense Temporal: Stack Update Critical Yes 1 in Depth N/A

Vector: N/A Base: N/A 3177467 Servicing Windows Server 2008 R2 for x64-based Systems Defense Temporal: Stack Update Critical Yes Service Pack 1 (Server Core installation) in Depth N/A

Vector: N/A Base: N/A 3177467 Service Windows Server 2008 R2 for Itanium-Based Defense Temporal: Stack Update Critical Yes Systems Service Pack 1 in Depth N/A

Vector: N/A Base: N/A 3177467 Servicing Windows Server 2008 R2 for x64-based Systems Defense Temporal: Stack Update Critical Yes Service Pack 1 in Depth N/A

Vector: N/A 955430 Servicing Windows Server 2008 for 32-bit Systems Service Defense Base: N/A Stack Update Critical Yes Pack 2 (Server Core installation) in Depth Temporal:

ADV990001 N/A Vector: N/A Base: N/A 3173426 Servicing Defense Temporal: Windows Server 2012 Stack Update Critical Yes in Depth N/A

Vector: N/A Base: N/A 3173426 Servicing Defense Temporal: Windows Server 2012 (Server Core installation) Stack Update Critical Yes in Depth N/A

Vector: N/A Base: N/A 3173424 Servicing Defense Temporal: Windows 8.1 for 32-bit systems Stack Update Critical Yes in Depth N/A

Vector: N/A Base: N/A 3173424 Servicing Defense Temporal: Windows 8.1 for x64-based systems Stack Update Critical Yes in Depth N/A

Vector: N/A Base: N/A 3173424 Servicing Defense Temporal: Windows Server 2012 R2 Stack Update Critical Yes in Depth N/A

Vector: N/A

ADV990001 Base: N/A 3173424 Servicing Windows Server 2012 R2 (Server Core Defense Temporal: Stack Update Critical Yes installation) in Depth N/A

Vector: N/A Base: N/A 4093430 Servicing Defense Temporal: Windows 10 for 32-bit Systems Stack Update Critical 4021701 Yes in Depth N/A

Vector: N/A Base: N/A 4093430 Servicing Defense Temporal: Windows 10 for x64-based Systems Stack Update Critical 4021701 Yes in Depth N/A

Vector: N/A Base: N/A 4465659 Servicing Defense Temporal: Windows Server 2016 Stack Update Critical 4132216 Yes in Depth N/A

Vector: N/A Base: N/A 4465659 Servicing Defense Temporal: Windows 10 Version 1607 for 32-bit Systems Stack Update Critical 4132216 Yes in Depth N/A

Vector: N/A 4465659 Servicing Windows 10 Version 1607 for x64-based Defense Base: N/A Stack Update Critical 4132216 Yes Systems in Depth Temporal:

ADV990001 N/A Vector: N/A Base: N/A 4465659 Servicing Defense Temporal: Windows Server 2016 (Server Core installation) Stack Update Critical 4132216 Yes in Depth N/A

Vector: N/A Base: N/A 4486458 Servicing Defense Temporal: Windows 10 Version 1703 for 32-bit Systems Stack Update Critical 4465660 Yes in Depth N/A

Vector: N/A Base: N/A 4486458 Servicing Windows 10 Version 1703 for x64-based Defense Temporal: Stack Update Critical 4465660 Yes Systems in Depth N/A

Vector: N/A Base: N/A 4477136 Servicing Defense Temporal: Windows 10 Version 1709 for 32-bit Systems Stack Update Critical 4465661 Yes in Depth N/A

Vector: N/A Base: N/A 4477136 Servicing Windows 10 Version 1709 for x64-based Defense Temporal: Stack Update Critical 4465661 Yes Systems in Depth N/A

Vector: N/A

ADV990001 Base: N/A 4477136 Servicing Windows Server, version 1709 (Server Core Defense Temporal: Stack Update Critical 4465661 Yes Installation) in Depth N/A

Vector: N/A Base: N/A 4477137 Servicing Defense Temporal: Windows 10 Version 1803 for 32-bit Systems Stack Update Critical 4465663 Yes in Depth N/A

Vector: N/A Base: N/A 4477137 Servicing Windows 10 Version 1803 for x64-based Defense Temporal: Stack Update Critical 4465663 Yes Systems in Depth N/A

Vector: N/A Base: N/A 4477137 Servicing Windows Server, version 1803 (Server Core Defense Temporal: Stack Update Critical 4465663 Yes Installation) in Depth N/A

Vector: N/A Base: N/A 4477137 Servicing Windows 10 Version 1803 for ARM64-based Defense Temporal: Stack Update Critical 4465663 Yes Systems in Depth N/A

Vector: N/A 4470788 Servicing Defense Base: N/A Windows 10 Version 1809 for 32-bit Systems Stack Update Critical 4465664 Yes in Depth Temporal:

ADV990001 N/A Vector: N/A Base: N/A 4470788 Servicing Windows 10 Version 1809 for x64-based Defense Temporal: Stack Update Critical 4465664 Yes Systems in Depth N/A

Vector: N/A Base: N/A 4470788 Servicing Windows 10 Version 1809 for ARM64-based Defense Temporal: Stack Update Critical 4465664 Yes Systems in Depth N/A

Vector: N/A Base: N/A 4470788 Servicing Defense Temporal: Windows Server 2019 Stack Update Critical 4465664 Yes in Depth N/A

Vector: N/A Base: N/A 4470788 Servicing Defense Temporal: Windows Server 2019 (Server Core installation) Stack Update Critical 4465664 Yes in Depth N/A

Vector: N/A Base: N/A 4477136 Servicing Windows 10 Version 1709 for ARM64-based Defense Temporal: Stack Update Critical 4465661 Yes Systems in Depth N/A

Vector: N/A

ADV990001 Base: N/A 955430 Servicing Windows Server 2008 for Itanium-Based Defense Temporal: Stack Update Critical 4465661 Yes Systems Service Pack 2 in Depth N/A

Vector: N/A Base: N/A 955430 Servicing Windows Server 2008 for 32-bit Systems Service Defense Temporal: Stack Update Critical 4465661 Yes Pack 2 in Depth N/A

Vector: N/A Base: N/A 955430 Servicing Windows Server 2008 for x64-based Systems Defense Temporal: Stack Update Critical 4465661 Yes Service Pack 2 in Depth N/A

Vector: N/A Base: N/A 955430 Servicing Windows Server 2008 for x64-based Systems Defense Temporal: Stack Update Critical 4465661 Yes Service Pack 2 (Server Core installation) in Depth N/A

Vector: N/A

CVE-2019-0536 - Windows Kernel Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a CVE- specially crafted application. The vulnerability would not allow an attacker to execute code or to 2019- elevate user rights directly, but it could be used to obtain information that could be used to try to Information Disc 0536 further compromise the affected system. Important losure MITRE The update addresses the vulnerability by correcting how the Windows kernel handles objects in NVD memory.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0536 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 7 4480960 Information Base: 4.7 Important 4471318 Yes for 32-bit Security Disclosure Temporal: 4.2

CVE-2019-0536 Systems Only Vector: Service 4480970 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 1 Monthly C:C Rollup

4480960 Windows 7 Security Base: 4.7 for x64- Only Temporal: 4.2 based Information 4480970 Important 4471318 Vector: Yes Systems Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 1

Windows Server 2008 4480960 R2 for x64- Security Base: 4.7 based Only Temporal: 4.2 Systems Information 4480970 Important 4471318 Vector: Yes Service Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 1 Rollup C:C (Server

Core installation)

CVE-2019-0536 Windows 4480960 Server 2008 Security Base: 4.7 R2 for Only Temporal: 4.2 Itanium- Information 4480970 Important 4471318 Vector: Yes Based Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems Rollup C:C Service

Pack 1 Windows 4480960 Server 2008 Security Base: 4.7 R2 for x64- Only Temporal: 4.2 Information based 4480970 Important 4471318 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 1 Windows 4480957 Server 2008 Security Base: 4.7 for 32-bit Only Temporal: 4.2 Information Systems 4480968 Important 4471325 Vector: Yes Disclosure Service Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 2 Rollup C:C (Server

CVE-2019-0536 Core installation) 4480972 Security Base: 4.7 Only Temporal: 4.2 Windows Information 4480975 Important 4471330 Vector: Yes Server 2012 Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Rollup C:C

4480972 Windows Security Base: 4.7 Server 2012 Only Temporal: 4.2 Information (Server 4480975 Important 4471330 Vector: Yes Disclosure Core Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) Rollup C:C

4480964 Security Base: 4.7 Windows Only Temporal: 4.2 Information 8.1 for 32- 4480963 Important 4471320 Vector: Yes Disclosure bit systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Rollup C:C

CVE-2019-0536 4480963 Monthly Base: 4.7 Windows Rollup Temporal: 4.2 8.1 for x64- Information 4480964 Important 4471320 Vector: Yes based Disclosure Security CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R systems Only C:C

4480963 Monthly Base: 4.7 Windows Rollup Temporal: 4.2 Information Server 2012 4480964 Important 4471320 Vector: Yes Disclosure R2 Security CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Only C:C

Base: 4.7 4480963 Temporal: 4.2 Windows Monthly Information Important 4471320 Vector: Yes RT 8.1 Rollup Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C 4480963 Windows Base: 4.7 Monthly Information Server 2012 Important 4471320 Temporal: 4.2 Yes Rollup Disclosure R2 (Server Vector: 4480964

CVE-2019-0536 Core Security CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) Only C:C

Base: 4.7 4480962 Windows Temporal: 4.2 Security Information 10 for 32- Important 4483228 Vector: Yes Update Disclosure bit Systems CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Base: 4.7 Windows 4480962 Temporal: 4.2 10 for x64- Security Information Important 4483228 Vector: Yes based Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems C:C Base: 4.7 4480961 Temporal: 4.2 Windows Security Information Important 4471321 Vector: Yes Server 2016 Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Base: 4.7 Windows 4480961 Temporal: 4.2 10 Version Security Information Important 4483229 Vector: Yes 1607 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C

CVE-2019-0536 Windows Base: 4.7 4480961 10 Version Temporal: 4.2 Security Information 1607 for Important 4471321 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Windows Base: 4.7 4480961 Server 2016 Temporal: 4.2 Security Information (Server Important 4471321 Vector: Yes Update Disclosure Core CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) C:C Base: 4.7 Windows 4480973 Temporal: 4.2 10 Version Security Information Important 4483229 Vector: Yes 1703 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480973 10 Version Temporal: 4.2 Security Information 1703 for Important 4483229 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Base: 4.7 Windows 4480978 Information Important 4483232 Temporal: 4.2 Yes 10 Version Security Disclosure Vector:

CVE-2019-0536 1709 for 32- Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480978 10 Version Temporal: 4.2 Security Information 1709 for Important 4483232 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Windows Server, Base: 4.7 4480978 version Temporal: 4.2 Security Information 1709 Important 4483232 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Core C:C Installation) Base: 4.7 Windows 4480966 Temporal: 4.2 10 Version Security Information Important 4483234 Vector: Yes 1803 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C 4480966 Windows Base: 4.7 Security Information 10 Version Important 4483234 Temporal: 4.2 Yes Update Disclosure 1803 for Vector:

CVE-2019-0536 x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems C:C Windows Server, Base: 4.7 4480966 version Temporal: 4.2 Security Information 1803 Important 4483234 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Core C:C Installation) Windows Base: 4.7 10 Version 4480966 Temporal: 4.2 1803 for Security Information Important 4483234 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems Base: 4.7 Windows 4480116 Temporal: 4.2 10 Version Security Information Important 4483235 Vector: Yes 1809 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480116 Information 10 Version Important 4483235 Temporal: 4.2 Yes Security Disclosure 1809 for Vector:

CVE-2019-0536 x64-based Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems C:C Windows Base: 4.7 10 Version 4480116 Temporal: 4.2 1809 for Security Information Important 4483235 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems Base: 4.7 4480116 Temporal: 4.2 Windows Security Information Important 4483235 Vector: Yes Server 2019 Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Windows Base: 4.7 4480116 Server 2019 Temporal: 4.2 Security Information (Server Important 4483235 Vector: Yes Update Disclosure Core CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) C:C Base: 4.7 Windows 4480978 Temporal: 4.2 10 Version Security Information Important 4483232 Vector: Yes 1709 for Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R ARM64- C:C

CVE-2019-0536 based Systems Windows 4480957 Server 2008 Security Base: 4.7 for Itanium- Only Temporal: 4.2 Information Based 4480968 Important 4471325 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2 4480957 Windows Security Base: 4.7 Server 2008 Only Temporal: 4.2 for 32-bit Information 4480968 Important 4471325 Vector: Yes Systems Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2

Windows 4480957 Server 2008 Security Base: 4.7 for x64- Only Temporal: 4.2 Information based 4480968 Important 4471325 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2

CVE-2019-0536 Windows Server 2008 4480957 for x64- Security Base: 4.7 based Only Temporal: 4.2 Systems Information 4480968 Important 4471325 Vector: Yes Service Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 2 Rollup C:C (Server

Core installation)

CVE-2019-0537 - Microsoft Visual Studio Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Microsoft Visual Studio Information Disclosure Vulnerability Information Disc 2019- Important Description: losure 0537

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary NVD file contents if the victim opens a malicious .vscontent file. An attacker who took advantage of this information disclosure could view arbitrary file contents from the computer where the victim launched Visual Studio. To take advantage of the vulnerability, an attacker would need to trick a user into opening a malicious .vscontent file using a vulnerable version of Visual Studio. An attacker would have no way to force a developer to produce this information disclosure. The security update addresses the vulnerability by correcting how Visual Studio loads .vscontent files.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.

Mitigations: None Workarounds:

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0537 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required 4476698 Security Base: N/A Microsoft Visual Studio 2010 Information Disclos Update Important Temporal: N/A Maybe Service Pack 1 ure Vector: N/A 4476755 Security Base: N/A Microsoft Visual Studio 2012 Information Disclos Update Important Temporal: N/A Maybe Update 5 ure Vector: N/A

CVE-2019-0538 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

CVE- An attacker could exploit this vulnerability by enticing a victim to open a specially crafted 2019- file. Remote Code 0538 Important The update addresses the vulnerability by correcting the way the Windows Jet Database Execution MITRE Engine handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0538 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0538 4480960 Windows 7 Security Base: 7.8 for x64- Only Remote Temporal: 7 based 4480970 Important Code 4471318 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 1

Windows Server 2008 4480960 R2 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 (Server Rollup C:C Core installation) 4480960 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 R2 for 4480970 Important Code 4471318 Vector: Yes Itanium- Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Based Rollup C:C Systems

CVE-2019-0538 Service Pack 1 Windows 4480960 Server 2008 Security Base: 7.8 R2 for x64- Only Remote Temporal: 7 based 4480970 Important Code 4471318 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 1 Windows 4480957 Server 2008 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation) 4480972 Base: 7.8 Security Remote Temporal: 7 Windows Only Important Code 4471330 Vector: Yes Server 2012 4480975 Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Monthly C:C

CVE-2019-0538 Rollup

4480972 Security Base: 7.8 Windows Only Remote Temporal: 7 Server 2012 4480975 Important Code 4471330 Vector: Yes (Server Core Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Rollup C:C

4480964 Security Base: 7.8 Windows Only Remote Temporal: 7 8.1 for 32-bit 4480963 Important Code 4471320 Vector: Yes systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

CVE-2019-0538 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 Server 2012 4480964 Important Code 4471320 Vector: Yes R2 Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Monthly Base: 7.8 Server 2012 Rollup Remote Temporal: 7 R2 (Server 4480964 Important Code 4471320 Vector: Yes Core Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

4480962 Windows 10 Remote Base: 7.8 Security for 32-bit Important Code 4483228 Temporal: 7 Yes Update Systems Execution Vector:

CVE-2019-0538 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R C:C Base: 7.8 Windows 10 4480962 Remote Temporal: 7 for x64- Security Important Code 4483228 Vector: Yes based Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems C:C Base: 7.8 4480961 Remote Temporal: 7 Windows Security Important Code 4471321 Vector: Yes Server 2016 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7.8 Windows 10 4480961 Remote Temporal: 7 Version Security Important Code 4483229 Vector: Yes 1607 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0538 Base: 7.8 Windows 4480961 Remote Temporal: 7 Server 2016 Security Important Code 4471321 Vector: Yes (Server Core Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Base: 7.8 Windows 10 4480973 Remote Temporal: 7 Version Security Important Code 4483229 Vector: Yes 1703 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480973 Version Remote Temporal: 7 Security 1703 for Important Code 4483229 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Base: 7.8 Windows 10 4480978 Remote Temporal: 7 Version Security Important Code 4483232 Vector: Yes 1709 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Remote Base: 7.8 4480978 Version Important Code 4483232 Temporal: 7 Yes Security 1709 for Execution Vector:

CVE-2019-0538 x64-based Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems C:C Windows Base: 7.8 4480978 Server, Remote Temporal: 7 Security version 1709 Important Code 4483232 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C Base: 7.8 Windows 10 4480966 Remote Temporal: 7 Version Security Important Code 4483234 Vector: Yes 1803 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480966 Version Remote Temporal: 7 Security 1803 for Important Code 4483234 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C

CVE-2019-0538 Windows 10 Base: 7.8 Version 4480966 Remote Temporal: 7 1803 for Security Important Code 4483234 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 Windows 10 4480116 Remote Temporal: 7 Version Security Important Code 4483235 Vector: Yes 1809 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480116 Version Remote Temporal: 7 Security 1809 for Important Code 4483235 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems

CVE-2019-0538 Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7.8 Windows 4480116 Remote Temporal: 7 Server 2019 Security Important Code 4483235 Vector: Yes (Server Core Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Windows 10 Base: 7.8 Version 4480978 Remote Temporal: 7 1709 for Security Important Code 4483232 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0538 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

Windows 4480957 Server 2008 Security Base: 7.8 for x64- Only Remote Temporal: 7 based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0539 - Chakra Scripting Engine Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who CVE- successfully exploited the vulnerability could gain the same user rights as the current user. If the 2019- current user is logged on with administrative user rights, an attacker who successfully exploited Remote Code 0539 the vulnerability could take control of an affected system. An attacker could then install Critical Execution MITRE programs; view, change, or delete data; or create new accounts with full user rights. NVD In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0539 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Microsoft Base: 4.2 4480962 Edge on Remote Temporal: 3.8 Security Windows 10 Critical Code 4483228 Vector: Yes Update for 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

Systems C:C Microsoft Base: 4.2 Edge on 4480962 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483228 Vector: Yes for x64- Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R based C:C Systems Base: 4.2 Microsoft 4480961 Remote Temporal: 3.8 Edge on Security Moderate Code 4471321 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Server 2016 C:C Base: 4.2 Microsoft 4480961 Remote Temporal: 3.8 Edge on Security Critical Code 4483229 Vector: Yes Windows 10 Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Version C:C

CVE-2019-0539 1607 for 32- bit Systems Microsoft Edge on Base: 4.2 4480961 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4471321 Vector: Yes Update 1607 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.2 Edge on 4480973 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483229 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1703 for 32- C:C bit Systems Microsoft Edge on Base: 4.2 4480973 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4483229 Vector: Yes Update 1703 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems

CVE-2019-0539 Microsoft Base: 4.2 Edge on 4480978 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483232 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1709 for 32- C:C bit Systems Microsoft Edge on Base: 4.2 4480978 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4483232 Vector: Yes Update 1709 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.2 Edge on 4480966 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483234 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1803 for 32- C:C bit Systems Microsoft 4480966 Remote Base: 4.2 Edge on Security Critical Code 4483234 Temporal: 3.8 Yes Windows 10 Update Execution Vector: Version

CVE-2019-0539 1803 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.2 Windows 10 4480966 Remote Temporal: 3.8 Version Security Critical Code 4483234 Vector: Yes 1803 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Microsoft Base: 4.2 Edge on 4480116 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483235 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1809 for 32- C:C bit Systems Microsoft Base: 4.2 4480116 Edge on Remote Temporal: 3.8 Security Windows 10 Critical Code 4483235 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

1809 for C:C

CVE-2019-0539 x64-based Systems Microsoft Edge on Base: 4.2 Windows 10 4480116 Remote Temporal: 3.8 Version Security Critical Code 4483235 Vector: Yes 1809 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Base: 4.2 Microsoft 4480116 Remote Temporal: 3.8 Edge on Security Moderate Code 4483235 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Server 2019 C:C Microsoft Edge on Base: 4.2 Windows 10 4480978 Remote Temporal: 3.8 Version Security Critical Code 4483232 Vector: Yes 1709 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems

CVE-2019-0539 Release Notes Remote Base: N/A ChakraCore Security Critical Code 4483232 Temporal: N/A Maybe Update Execution Vector: N/A

CVE-2019-0541 - MSHTML Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: MSHTML Engine Remote Code Execution Vulnerability Description: CVE- A remote code execution vulnerability exists in the way that the MSHTML engine inproperly 2019- validates input. Remote Code 0541 Important An attacker could execute arbitrary code in the context of the current user. If the current user is Execution MITRE logged on with administrative user rights, an attacker who successfully exploited the NVD vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0541 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Microsoft Excel 2596760 Remote Base: N/A Viewer Security Important Code Temporal: N/A Maybe 2007 Update Execution Vector: N/A Service Pack 3 Internet Explorer 9 on 4480965 IE Base: 6.4 Windows Cumulative Remote Temporal: 5.8 Server 4480968 Low Code 4471325 Vector: Yes 2008 for Monthly Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 32-bit Rollup C:C Systems Service Pack 2 Internet Base: 6.4 4480965 IE Explorer Remote Temporal: 5.8 Cumulative 9 on Low Code 4471325 Vector: Yes 4480968 Windows Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Monthly Server C:C

CVE-2019-0541 2008 for Rollup x64-based Systems Service Pack 2 Internet Explorer 4480970 11 on Base: 7.5 Monthly Windows Remote Temporal: 6.7 Rollup 7 for 32- Important Code 4483187 Vector: Yes 4480965 IE bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Cumulative Systems C:C

Service Pack 1 Internet Explorer 4480965 IE 11 on Base: 7.5 Cumulative Windows Remote Temporal: 6.7 4480970 7 for x64- Important Code 4471318 Vector: Yes Monthly based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup Systems C:C

Service Pack 1

CVE-2019-0541 Internet Explorer 11 on 4480965 IE Windows Base: 6.4 Cumulative Server Remote Temporal: 5.8 4480970 2008 R2 Low Code 4471318 Vector: Yes Monthly for x64- Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup based C:C

Systems Service Pack 1 Internet 4480963 Explorer Base: 7.5 Monthly 11 on Remote Temporal: 6.7 Rollup Windows Important Code 4483187 Vector: Yes 4480965 IE 8.1 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Cumulative 32-bit C:C systems Internet Base: 7.5 4480963 Explorer Remote Temporal: 6.7 Monthly 11 on Important Code 4483187 Vector: Yes Rollup Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 4480965 IE 8.1 for C:C

CVE-2019-0541 x64-based Cumulative systems Internet 4480963 Base: 6.4 Explorer Monthly Remote Temporal: 5.8 11 on Rollup Low Code 4483187 Vector: Yes Windows 4480965 IE Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Server Cumulative C:C 2012 R2 Internet Base: 7.5 4480963 Explorer Remote Temporal: 6.7 Monthly 11 on Important Code 4471320 Vector: Yes Rollup Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

RT 8.1 C:C Internet Explorer Base: 7.5 4480962 11 on Remote Temporal: 6.7 Security Windows Important Code 4483228 Vector: Yes Update 10 for 32- Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit C:C Systems Internet Remote Base: 7.5 4480962 Explorer Important Code 4483228 Temporal: 6.7 Yes Security 11 on Execution Vector:

CVE-2019-0541 Windows Update CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 10 for C:C x64-based Systems Internet Base: 6.4 Explorer 4480961 Remote Temporal: 5.8 11 on Security Low Code 4471321 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Server C:C 2016 Internet Explorer 11 on Base: 7.5 4480961 Windows Remote Temporal: 6.7 Security 10 Important Code 4483229 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1607 for C:C 32-bit Systems Internet 4480961 Remote Base: 7.5 Explorer Security Important Code 4471321 Temporal: 6.7 Yes 11 on Update Execution Vector: Windows

CVE-2019-0541 10 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Version C:C 1607 for x64-based Systems Internet Explorer 11 on Base: 7.5 4480973 Windows Remote Temporal: 6.7 Security 10 Important Code 4483229 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1703 for C:C 32-bit Systems Internet Explorer 11 on Base: 7.5 4480973 Windows Remote Temporal: 6.7 Security 10 Important Code 4483229 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1703 for C:C x64-based Systems

CVE-2019-0541 Internet Explorer 11 on Base: 7.5 4480978 Windows Remote Temporal: 6.7 Security 10 Important Code 4483232 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1709 for C:C 32-bit Systems Internet Explorer 11 on Base: 7.5 4480978 Windows Remote Temporal: 6.7 Security 10 Important Code 4483232 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1709 for C:C x64-based Systems Internet Base: 7.5 4480966 Explorer Remote Temporal: 6.7 Security 11 on Important Code 4483234 Vector: Yes Update Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

10 C:C

CVE-2019-0541 Version 1803 for 32-bit Systems Internet Explorer 11 on Base: 7.5 4480966 Windows Remote Temporal: 6.7 Security 10 Important Code 4483234 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1803 for C:C x64-based Systems Internet Explorer 11 on Base: 7.5 Windows 4480966 Remote Temporal: 6.7 10 Security Important Code 4483234 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1803 for C:C ARM64- based Systems

CVE-2019-0541 Internet Explorer 11 on Base: 7.5 4480116 Windows Remote Temporal: 6.7 Security 10 Important Code 4483235 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1809 for C:C 32-bit Systems Internet Explorer 11 on Base: 7.5 4480116 Windows Remote Temporal: 6.7 Security 10 Important Code 4483235 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

1809 for C:C x64-based Systems Internet Base: 7.5 4480116 Explorer Remote Temporal: 6.7 Security 11 on Important Code 4483235 Vector: Yes Update Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

10 C:C

CVE-2019-0541 Version 1809 for ARM64- based Systems Internet Base: 6.4 Explorer 4480116 Remote Temporal: 5.8 11 on Security Low Code 4483235 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Server C:C 2019 Internet Explorer 11 on Base: 7.5 Windows 4480978 Remote Temporal: 6.7 10 Security Important Code 4483232 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1709 for C:C ARM64- based Systems

CVE-2019-0541 Microsoft Office 2553332 2010 Remote Base: N/A Security Service Important Code 4483232 Temporal: N/A Maybe Update Pack 2 Execution Vector: N/A

(32-bit editions) Microsoft Office 2553332 2010 Remote Base: N/A Security Service Important Code 4483232 Temporal: N/A Maybe Update Pack 2 Execution Vector: N/A

(64-bit editions) Internet 4480975 Base: 6.4 Explorer Monthly Remote Temporal: 5.8 10 on Rollup Low Code 4483187 Vector: Yes Windows 4480965 IE Execution CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Server Cumulative C:C 2012 Microsoft Remote Base: N/A 3172522 Office Important Code 4483187 Temporal: N/A Maybe Security 2013 Execution Vector: N/A

CVE-2019-0541 Service Update Pack 1 (32-bit editions) Microsoft Office 3172522 2013 Remote Base: N/A Security Service Important Code 4483187 Temporal: N/A Maybe Update Pack 1 Execution Vector: N/A

(64-bit editions) Microsoft 3172522 Office Remote Base: N/A Security 2013 RT Important Code 4483187 Temporal: N/A Maybe Update Service Execution Vector: N/A

Pack 1 Microsoft 4022162 Office Remote Base: N/A Security 2016 (32- Important Code 4483187 Temporal: N/A Maybe Update bit Execution Vector: N/A edition)

CVE-2019-0541 Microsoft 4022162 Office Remote Base: N/A Security 2016 (64- Important Code 4483187 Temporal: N/A Maybe Update bit Execution Vector: N/A edition) Microsoft Click to Office Run Remote Base: N/A 2019 for Security Important Code 4483187 Temporal: N/A No 32-bit Update Execution Vector: N/A editions Microsoft Click to Office Run Remote Base: N/A 2019 for Security Important Code 4483187 Temporal: N/A No 64-bit Update Execution Vector: N/A editions Office Click to 365 Run Remote Base: N/A ProPlus Security Important Code 4483187 Temporal: N/A No for 32-bit Update Execution Vector: N/A Systems Office Click to Remote Base: N/A 365 Run Important Code 4483187 Temporal: N/A No ProPlus Security Execution Vector: N/A

CVE-2019-0541 for 64-bit Update Systems Microsoft 4462112 Remote Base: N/A Office Security Important Code 4092433 Temporal: N/A Maybe Word Update Execution Vector: N/A Viewer

CVE-2019-0543 - Microsoft Windows Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly handles CVE- authentication requests. An attacker who successfully exploited this vulnerability could run 2019- processes in an elevated context. Elevation of 0543 Important Privilege MITRE An attacker could exploit this vulnerability by running a specially crafted application on the NVD victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0543 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required

CVE-2019-0543 4480960 Security Base: 7.8 Only Temporal: 7.8 Windows 7 for 32-bit Elevation 4480970 Important 4471318 Vector: Yes Systems Service Pack 1 of Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480960 Security Base: 7.8 Windows 7 for x64- Only Temporal: 7.8 Elevation based Systems Service 4480970 Important 4471318 Vector: Yes of Privilege Pack 1 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480960 Windows Server 2008 Security Base: 7.8 R2 for x64-based Only Temporal: 7.8 Elevation Systems Service Pack 1 4480970 Important 4471318 Vector: Yes of Privilege (Server Core Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: installation) Rollup H

CVE-2019-0543 4480960 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 Elevation R2 for Itanium-Based 4480970 Important 4471318 Vector: Yes of Privilege Systems Service Pack 1 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480960 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 Elevation R2 for x64-based 4480970 Important 4471318 Vector: Yes of Privilege Systems Service Pack 1 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480957 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 for 32-bit Systems Elevation 4480968 Important 4471325 Vector: Yes Service Pack 2 (Server of Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Core installation) Rollup H

4480972 Elevation Base: 7.8 Windows Server 2012 Important 4471330 Yes Security of Privilege Temporal: 7.8

CVE-2019-0543 Only Vector: 4480975 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Monthly H Rollup

4480972 Security Base: 7.8 Windows Server 2012 Only Temporal: 7.8 Elevation (Server Core 4480975 Important 4471330 Vector: Yes of Privilege installation) Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480964 Security Base: 7.8 Only Temporal: 7.8 Windows 8.1 for 32-bit Elevation 4480963 Important 4471320 Vector: Yes systems of Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480963 Base: 7.8 Windows 8.1 for x64- Monthly Elevation Important 4471320 Temporal: 7.8 Yes based systems Rollup of Privilege Vector: 4480964

CVE-2019-0543 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Only H

4480963 Monthly Base: 7.8 Rollup Temporal: 7.8 Windows Server 2012 Elevation 4480964 Important 4471320 Vector: Yes R2 of Privilege Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Only H

Base: 7.8 4480963 Temporal: 7.8 Monthly Elevation Windows RT 8.1 Important 4471320 Vector: Yes Rollup of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H 4480963 Monthly Base: 7.8 Windows Server 2012 Rollup Temporal: 7.8 Elevation R2 (Server Core 4480964 Important 4471320 Vector: Yes of Privilege installation) Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Only H

CVE-2019-0543 Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32-bit Security Elevation Important 4483228 Vector: Yes Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480962 Temporal: 7.8 Windows 10 for x64- Security Elevation Important 4483228 Vector: Yes based Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Temporal: 7.8 Security Elevation Windows Server 2016 Important 4471321 Vector: Yes Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Temporal: 7.8 Windows 10 Version Security Elevation Important 4483229 Vector: Yes 1607 for 32-bit Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 Version Base: 7.8 4480961 Elevation 1607 for x64-based Important 4471321 Temporal: 7.8 Yes Security of Privilege Systems Vector:

CVE-2019-0543 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480961 Windows Server 2016 Temporal: 7.8 Security Elevation (Server Core Important 4471321 Vector: Yes Update of Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Temporal: 7.8 Windows 10 Version Security Elevation Important 4483229 Vector: Yes 1703 for 32-bit Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation 1703 for x64-based Important 4483229 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Temporal: 7.8 Windows 10 Version Security Elevation Important 4483232 Vector: Yes 1709 for 32-bit Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0543 Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation 1709 for x64-based Important 4483232 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows Server, Temporal: 7.8 Security Elevation version 1709 (Server Important 4483232 Vector: Yes Update of Privilege Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Temporal: 7.8 Windows 10 Version Security Elevation Important 4483234 Vector: Yes 1803 for 32-bit Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation 1803 for x64-based Important 4483234 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server, Base: 7.8 4480966 Elevation version 1803 (Server Important 4483234 Temporal: 7.8 Yes Security of Privilege Core Installation) Vector:

CVE-2019-0543 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation 1803 for ARM64-based Important 4483234 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Temporal: 7.8 Windows 10 Version Security Elevation Important 4483235 Vector: Yes 1809 for 32-bit Systems Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation 1809 for x64-based Important 4483235 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation 1809 for ARM64-based Important 4483235 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0543 Base: 7.8 4480116 Temporal: 7.8 Security Elevation Windows Server 2019 Important 4483235 Vector: Yes Update of Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows Server 2019 Temporal: 7.8 Security Elevation (Server Core Important 4483235 Vector: Yes Update of Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation 1709 for ARM64-based Important 4483232 Vector: Yes Update of Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H 4480957 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 Elevation for Itanium-Based 4480968 Important 4471325 Vector: Yes of Privilege Systems Service Pack 2 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

CVE-2019-0543 4480957 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 Elevation for 32-bit Systems 4480968 Important 4471325 Vector: Yes of Privilege Service Pack 2 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480957 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 Elevation for x64-based Systems 4480968 Important 4471325 Vector: Yes of Privilege Service Pack 2 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480957 Security Base: 7.8 Windows Server 2008 Only Temporal: 7.8 for x64-based Systems Elevation 4480968 Important 4471325 Vector: Yes Service Pack 2 (Server of Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Core installation) Rollup H

CVE-2019-0545 - .NET Framework Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: .NET Framework Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to CVE- prevent its bypass. 2019-0545 Information Disclo Important MITRE sure NVD FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is search criteria.

Mitigations: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0545 CVSS Restart Product KB Article Severity Impact Supersedence Score Set Required 4480059 Base: N/A Monthly Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for Information Di 4471987, Rollup Important N/A Maybe 32-bit Systems Service Pack 1 sclosure 3142033, 2972107 4480076 Vector: Security N/A

CVE-2019-0545 Only

4480059 Monthly Base: N/A Rollup Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for Information Di 4471987, 4480076 Important N/A Maybe x64-based Systems Service Pack 1 sclosure 3142033, 2972107 Security Vector: Only N/A

4480059 Monthly Base: N/A Microsoft .NET Framework 4.5.2 on Windows Server Rollup Temporal: Information Di 4471987, 2008 R2 for x64-based Systems Service Pack 1 (Server 4480076 Important N/A Maybe sclosure 3142033, 2972107 Core installation) Security Vector: Only N/A

4480059 Monthly Base: N/A Rollup Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4471987, 4480076 Important N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 sclosure 3142033, 2972107 Security Vector: Only N/A

CVE-2019-0545 4480075 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461988, 4480058 Important N/A Maybe 2012 sclosure 3142032, 2978042 Monthly Vector: Rollup N/A

4480075 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461988, 4480058 Important N/A Maybe 2012 (Server Core installation) sclosure 3142032, 2978042 Monthly Vector: Rollup N/A

4480074 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows 8.1 for Information Di 4461989, 4480057 Important N/A Maybe 32-bit systems sclosure 3142030, 2978041 Monthly Vector: Rollup N/A

Microsoft .NET Framework 4.5.2 on Windows 8.1 for 4480074 Information Di 4461989, Base: N/A Important Maybe x64-based systems Security sclosure 3142030, 2978041 Temporal:

CVE-2019-0545 Only N/A 4480057 Vector: Monthly N/A Rollup

4480074 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461989, 4480057 Important N/A Maybe 2012 R2 sclosure 3142030, 2978041 Monthly Vector: Rollup N/A

Base: N/A 4480057 Temporal: Monthly Information Di 4461989, Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Important N/A Maybe Rollup sclosure 3142030, 2978041 Vector:

N/A 4480074 Base: N/A Security Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461989, Only Important N/A Maybe 2012 R2 (Server Core installation) sclosure 3142030, 2978041 4480057 Vector: Monthly N/A

CVE-2019-0545 Rollup

4480076 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461990, 4480059 Important N/A Maybe 2008 for 32-bit Systems Service Pack 2 sclosure 3142033, 2972107 Monthly Vector: Rollup N/A

4480076 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.5.2 on Windows Server Information Di 4461990, 4480059 Important N/A Maybe 2008 for x64-based Systems Service Pack 2 sclosure 3142033, 2972107 Monthly Vector: Rollup N/A

4480072 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.6 on Windows Server Information Di 4480055 Important 4471990, 3142037 N/A Maybe 2008 for 32-bit Systems Service Pack 2 sclosure Monthly Vector: Rollup N/A

CVE-2019-0545 4480072 Security Base: N/A Only Temporal: Microsoft .NET Framework 4.6 on Windows Server Information Di 4480055 Important 4471990, 3142037 N/A Maybe 2008 for x64-based Systems Service Pack 2 sclosure Monthly Vector: Rollup N/A

Base: N/A 4480966 Temporal: Microsoft .NET Framework 4.7.2 on Windows 10 Security Information Di Important 4483234 N/A Yes Version 1803 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 4.7.2 on Windows 10 Security Information Di Important 4483234 N/A Yes Version 1803 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 4.7.2 on Windows Server, Security Information Di Important 4483234 N/A Yes version 1803 (Server Core Installation) Update sclosure Vector:

N/A

CVE-2019-0545 Base: N/A 4480966 Temporal: Microsoft .NET Framework 4.7.2 on Windows 10 Security Information Di Important 4483234 N/A Yes Version 1803 for ARM64-based Systems Update sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 4.7.2 on Windows 10 Monthly Information Di Important 4470502 N/A Maybe Version 1809 for 32-bit Systems Rollup sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 4.7.2 on Windows 10 Monthly Information Di Important 4470502 N/A Maybe Version 1809 for x64-based Systems Rollup sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 4.7.2 on Windows Server Monthly Information Di Important 4470502 N/A Maybe 2019 Rollup sclosure Vector:

N/A Base: N/A Microsoft .NET Framework 4.7.2 on Windows Server 4480056 Information Di Important 4470502 Temporal: Maybe 2019 (Server Core installation) Monthly sclosure N/A

CVE-2019-0545 Rollup Vector: N/A Base: N/A 4480962 Temporal: Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Security Information Di Important 4483228 N/A Yes Windows 10 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480962 Temporal: Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Security Information Di Important 4483228 N/A Yes Windows 10 for x64-based Systems Update sclosure Vector:

N/A 4480055 Monthly Base: N/A Microsoft .NET Framework Rollup Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit 4480072 Important 4471987, 3142037 N/A Maybe sclosure Systems Service Pack 1 Security Vector: Only N/A

4480055 Microsoft .NET Framework Base: N/A Monthly Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64- Important 4471987, 3142037 Temporal: Maybe Rollup sclosure based Systems Service Pack 1 N/A 4480072

CVE-2019-0545 Security Vector: Only N/A

4480055 Monthly Base: N/A Microsoft .NET Framework Rollup Temporal: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server Information Di 4480072 Important 4471987, 3142037 N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 (Server sclosure Security Vector: Core installation) Only N/A

4480055 Monthly Base: N/A Microsoft .NET Framework Rollup Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4480072 Important 4471987, 3142037 N/A Maybe sclosure 2008 R2 for x64-based Systems Service Pack 1 Security Vector: Only N/A

4480070 Base: N/A Microsoft .NET Framework Security Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server Only Important 4471988 N/A Maybe sclosure 2012 4480051 Vector: Monthly N/A

CVE-2019-0545 Rollup

4480070 Security Base: N/A Microsoft .NET Framework Only Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4480051 Important 4471988 N/A Maybe sclosure 2012 (Server Core installation) Monthly Vector: Rollup N/A

4480071 Security Base: N/A Microsoft .NET Framework Only Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32- 4480054 Important 4471989 N/A Maybe sclosure bit systems Monthly Vector: Rollup N/A

4480071 Security Base: N/A Microsoft .NET Framework Only Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64- 4480054 Important 4471989 N/A Maybe sclosure based systems Monthly Vector: Rollup N/A

CVE-2019-0545 4480071 Security Base: N/A Microsoft .NET Framework Only Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4480054 Important 4471989 N/A Maybe sclosure 2012 R2 Monthly Vector: Rollup N/A

Base: N/A 4480054 Temporal: Microsoft .NET Framework Monthly Information Di Important 4471989 N/A Maybe 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Rollup sclosure Vector:

N/A 4480071 Security Base: N/A Microsoft .NET Framework Only Temporal: Information Di 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4480054 Important 4471989 N/A Maybe sclosure 2012 R2 (Server Core installation) Monthly Vector: Rollup N/A

4480961 Base: N/A Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Information Di Important 4471321 Temporal: Yes Windows Server 2016 Update sclosure N/A

CVE-2019-0545 Vector: N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Information Di Important 4483229 N/A Yes Windows 10 Version 1607 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Information Di Important 4471321 N/A Yes Windows 10 Version 1607 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Information Di Important 4471321 N/A Yes Windows Server 2016 (Server Core installation) Update sclosure Vector:

N/A Base: N/A 4480973 Temporal: Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Security Information Di Important 4483229 N/A Yes Windows 10 Version 1703 for 32-bit Systems Update sclosure Vector:

N/A

CVE-2019-0545 Base: N/A 4480973 Temporal: Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Security Information Di Important 4483229 N/A Yes Windows 10 Version 1703 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480978 Temporal: Microsoft .NET Framework 4.7.1/4.7.2 on Windows Security Information Di Important 4483232 N/A Yes 10 Version 1709 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480978 Temporal: Microsoft .NET Framework 4.7.1/4.7.2 on Windows Security Information Di Important 4483232 N/A Yes 10 Version 1709 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 4.7.1/4.7.2 on Windows Security Information Di Important 4483234 N/A Yes Server, version 1709 (Server Core Installation) Update sclosure Vector:

N/A Base: N/A Microsoft .NET Framework 4.7.1/4.7.2 on Windows 4480978 Information Di Important 4483232 Temporal: Yes 10 Version 1709 for ARM64-based Systems Security sclosure N/A

CVE-2019-0545 Update Vector: N/A Release Base: N/A Notes Temporal: Information Di .NET Core 2.1 Security Important 4483232 N/A Maybe sclosure Update Vector: N/A Release Base: N/A Notes Temporal: Information Di .NET Core 2.2 Security Important 4483232 N/A Maybe sclosure Update Vector: N/A 4480083 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5 on Windows Server Information Di 4480061 Important 4471988, 3142025 N/A Maybe 2012 sclosure Monthly Vector: Rollup N/A

4480083 Base: N/A Microsoft .NET Framework 3.5 on Windows Server Security Information Di Important 4471988, 3142025 Temporal: Maybe 2012 (Server Core installation) Only sclosure N/A 4480061

CVE-2019-0545 Monthly Vector: Rollup N/A

4480086 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for Information Di 4480064 Important 4467226; 4471983 N/A Maybe 32-bit systems sclosure Monthly Vector: Rollup N/A

4480086 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for Information Di 4480064 Important 4467226; 4471983 N/A Maybe x64-based systems sclosure Monthly Vector: Rollup N/A

4480086 Base: N/A Security Temporal: Microsoft .NET Framework 3.5 on Windows Server Information Di Only Important 4467226; 4471983 N/A Maybe 2012 R2 sclosure 4480064 Vector: Monthly N/A

CVE-2019-0545 Rollup

4480086 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5 on Windows Server Information Di 4480064 Important 4467226; 4471983 N/A Maybe 2012 R2 (Server Core installation) sclosure Monthly Vector: Rollup N/A

Base: N/A 4480962 Temporal: Microsoft .NET Framework 3.5 on Windows 10 for Security Information Di Important 4483228 N/A Yes 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480962 Temporal: Microsoft .NET Framework 3.5 on Windows 10 for Security Information Di Important 4483228 N/A Yes x64-based Systems Update sclosure Vector:

N/A 4480961 Base: N/A Microsoft .NET Framework 3.5 on Windows Server Security Information Di Important 4471321 Temporal: Yes 2016 Update sclosure N/A

CVE-2019-0545 Vector: N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483229 N/A Yes Version 1607 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4471321 N/A Yes Version 1607 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480961 Temporal: Microsoft .NET Framework 3.5 on Windows Server Security Information Di Important 4471321 N/A Yes 2016 (Server Core installation) Update sclosure Vector:

N/A Base: N/A 4480973 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483229 N/A Yes Version 1703 for 32-bit Systems Update sclosure Vector:

N/A

CVE-2019-0545 Base: N/A 4480973 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483229 N/A Yes Version 1703 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480978 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483232 N/A Yes Version 1709 for 32-bit Systems Update sclosure Vector:

N/A Base: N/A 4480978 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483232 N/A Yes Version 1709 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 3.5 on Windows Server, Security Information Di Important 4483234 N/A Yes version 1709 (Server Core Installation) Update sclosure Vector:

N/A Base: N/A Microsoft .NET Framework 3.5 on Windows 10 4480966 Information Di Important 4483234 Temporal: Yes Version 1803 for 32-bit Systems Security sclosure N/A

CVE-2019-0545 Update Vector: N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483234 N/A Yes Version 1803 for x64-based Systems Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 3.5 on Windows Server, Security Information Di Important 4483234 N/A Yes version 1803 (Server Core Installation) Update sclosure Vector:

N/A Base: N/A 4480966 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483234 N/A Yes Version 1803 for ARM64-based Systems Update sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Monthly Information Di Important 4470502 N/A Maybe Version 1809 for 32-bit Systems Rollup sclosure Vector:

N/A

CVE-2019-0545 Base: N/A 4480056 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Monthly Information Di Important 4470502 N/A Maybe Version 1809 for x64-based Systems Rollup sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 3.5 on Windows Server Monthly Information Di Important 4470502 N/A Maybe 2019 Rollup sclosure Vector:

N/A Base: N/A 4480056 Temporal: Microsoft .NET Framework 3.5 on Windows Server Monthly Information Di Important 4470502 N/A Maybe 2019 (Server Core installation) Rollup sclosure Vector:

N/A Base: N/A 4480978 Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Information Di Important 4483232 N/A Yes Version 1709 for ARM64-based Systems Update sclosure Vector:

N/A Microsoft .NET Framework 3.0 Service Pack 2 on 4480084 Base: N/A Information Di Windows Server 2008 for Itanium-Based Systems Security Important 4471990 Temporal: Maybe sclosure Service Pack 2 Only N/A

CVE-2019-0545 4480062 Vector: Monthly N/A Rollup

4480084 Security Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Only Temporal: Information Di Windows Server 2008 for 32-bit Systems Service Pack 4480062 Important 4471990 N/A Maybe sclosure 2 Monthly Vector: Rollup N/A

4480084 Security Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Only Temporal: Information Di Windows Server 2008 for x64-based Systems Service 4480062 Important 4471990 N/A Maybe sclosure Pack 2 Monthly Vector: Rollup N/A

4480084 Base: N/A Microsoft .NET Framework 2.0 Service Pack 2 on Security Temporal: Information Di Windows Server 2008 for Itanium-Based Systems Only Important 4471990 N/A Maybe sclosure Service Pack 2 4480062 Vector: Monthly N/A

CVE-2019-0545 Rollup

4480084 Security Base: N/A Microsoft .NET Framework 2.0 Service Pack 2 on Only Temporal: Information Di Windows Server 2008 for 32-bit Systems Service Pack 4480062 Important 4471990 N/A Maybe sclosure 2 Monthly Vector: Rollup N/A

4480084 Security Base: N/A Microsoft .NET Framework 2.0 Service Pack 2 on Only Temporal: Information Di Windows Server 2008 for x64-based Systems Service 4480062 Important 4471990 N/A Maybe sclosure Pack 2 Monthly Vector: Rollup N/A

4480085 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for Information Di 4480063 Important 4471987, 3142024 N/A Maybe 32-bit Systems Service Pack 1 sclosure Monthly Vector: Rollup N/A

CVE-2019-0545 4480085 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for Information Di 4480063 Important 4471987, 3142024 N/A Maybe x64-based Systems Service Pack 1 sclosure Monthly Vector: Rollup N/A

4480085 Security Base: N/A Microsoft .NET Framework 3.5.1 on Windows Server Only Temporal: Information Di 2008 R2 for x64-based Systems Service Pack 1 (Server 4480063 Important 4471987, 3142024 N/A Maybe sclosure Core installation) Monthly Vector: Rollup N/A

4480085 Security Base: N/A Only Temporal: Microsoft .NET Framework 3.5.1 on Windows Server Information Di 4480063 Important 4471987, 3142024 N/A Maybe 2008 R2 for Itanium-Based Systems Service Pack 1 sclosure Monthly Vector: Rollup N/A

Microsoft .NET Framework 3.5.1 on Windows Server 4480085 Information Di Base: N/A Important 4471987, 3142024 Maybe 2008 R2 for x64-based Systems Service Pack 1 Security sclosure Temporal:

CVE-2019-0545 Only N/A 4480063 Vector: Monthly N/A Rollup

CVE-2019-0546 - Visual Studio Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Visual Studio when the C++ compiler CVE- improperly handles specific combinations of C++ constructs. An attacker who successfully 2019- exploited the vulnerability could run arbitrary code in the context of the current user. If the Remote Code 0546 Moderate current user is logged on with administrative user rights, an attacker could take control of the Execution MITRE affected system. An attacker could then install programs; view, change, or delete data; or create NVD new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Exploitation of the vulnerability requires that a user open a specially crafted file which was compiled with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file. The security update addresses the vulnerability by correcting how the Visual Studio C++ compiler handles certain C++ constructs.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0546 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Release Notes Security Base: N/A Microsoft Visual Studio 2017 Remote Code Update Moderate Temporal: N/A Maybe version 15.9 Execution Vector: N/A

CVE-2019-0547 - Windows DHCP Client Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Windows DHCP Client Remote Code Execution Vulnerability Remote Code 2019- Critical Description: Execution 0547

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact MITRE A memory corruption vulnerability exists in the Windows DHCP client when an attacker NVD sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0547 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Base: 9.8 Windows 10 4480966 Remote Temporal: 8.8 Version Security Critical Code 4483234 Vector: Yes 1803 for 32- Update Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C Windows 10 Base: 9.8 4480966 Version Remote Temporal: 8.8 Security 1803 for Critical Code 4483234 Vector: Yes Update x64-based Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC

Systems :C Windows Base: 9.8 4480966 Server, Remote Temporal: 8.8 Security version 1803 Critical Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC

Installation) :C

CVE-2019-0547 Windows 10 Base: 9.8 Version 4480966 Remote Temporal: 8.8 1803 for Security Critical Code 4483234 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC based :C Systems

CVE-2019-0548 - ASP.NET Core Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: ASP.NET Core Denial of Service Vulnerability Description: CVE- A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. 2019- An attacker who successfully exploited this vulnerability could cause a denial of service against Denial of 0548 an ASP.NET Core web application. The vulnerability can be exploited remotely, without Important Service MITRE authentication. NVD A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0548 Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required

CVE-2019-0548 Base: N/A Release Notes Security Update ASP.NET Core 2.1 Important Denial of Service Temporal: N/A Maybe

Vector: N/A Base: N/A Release Notes Security Update ASP.NET Core 2.2 Important Denial of Service Temporal: N/A Maybe

Vector: N/A

CVE-2019-0549 - Windows Kernel Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles CVE- objects in memory. An attacker who successfully exploited this vulnerability could obtain 2019- information to further compromise the user's system. Information Disc 0549 Important losure MITRE To exploit this vulnerability, an attacker would have to log on to an affected system and run a NVD specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0549 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 4.7 for 32-bit Only Temporal: 4.2 Information Systems 4480970 Important 4471318 Vector: Yes Disclosure Service Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 1 Rollup C:C

Windows 4480960 Information Base: 4.7 Important 4471318 Yes Server 2008 Security Disclosure Temporal: 4.2

CVE-2019-0549 R2 for x64- Only Vector: based 4480970 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems Monthly C:C Service Rollup Pack 1 (Server Core installation) Windows 4480960 Server 2008 Security Base: 4.7 R2 for Only Temporal: 4.2 Itanium- Information 4480970 Important 4471318 Vector: Yes Based Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems Rollup C:C Service

CVE-2019-0549 Windows Server 2008 4480957 for 32-bit Security Base: 4.7 Systems Only Temporal: 4.2 Information Service 4480968 Important 4471325 Vector: Yes Disclosure Pack 2 Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R (Server Rollup C:C Core installation) 4480972 Security Base: 4.7 Only Temporal: 4.2 Windows Information 4480975 Important 4471330 Vector: Yes Server 2012 Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Rollup C:C

CVE-2019-0549 4480964 Security Base: 4.7 Windows Only Temporal: 4.2 Information 8.1 for 32- 4480963 Important 4471320 Vector: Yes Disclosure bit systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Rollup C:C

4480963 Monthly Base: 4.7 Windows Rollup Temporal: 4.2 8.1 for x64- Information 4480964 Important 4471320 Vector: Yes based Disclosure Security CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R systems Only C:C

Windows 4480963 Information Base: 4.7 Important 4471320 Yes RT 8.1 Monthly Disclosure Temporal: 4.2

CVE-2019-0549 Rollup Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R C:C 4480963 Windows Monthly Base: 4.7 Server 2012 Rollup Temporal: 4.2 Information R2 (Server 4480964 Important 4471320 Vector: Yes Disclosure Core Security CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) Only C:C

Base: 4.7 4480962 Windows Temporal: 4.2 Security Information 10 for 32- Important 4483228 Vector: Yes Update Disclosure bit Systems CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Base: 4.7 Windows 4480962 Temporal: 4.2 10 for x64- Security Information Important 4483228 Vector: Yes based Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems C:C Base: 4.7 Windows 4480961 Information Important 4471321 Temporal: 4.2 Yes Server 2016 Security Disclosure Vector:

CVE-2019-0549 Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R C:C Base: 4.7 Windows 4480961 Temporal: 4.2 10 Version Security Information Important 4483229 Vector: Yes 1607 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480961 10 Version Temporal: 4.2 Security Information 1607 for Important 4471321 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0549 Windows Base: 4.7 4480973 10 Version Temporal: 4.2 Security Information 1703 for Important 4483229 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Base: 4.7 Windows 4480978 Temporal: 4.2 10 Version Security Information Important 4483232 Vector: Yes 1709 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480978 10 Version Temporal: 4.2 Security Information 1709 for Important 4483232 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Core C:C Installation)

CVE-2019-0549 Base: 4.7 Windows 4480966 Temporal: 4.2 10 Version Security Information Important 4483234 Vector: Yes 1803 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480966 10 Version Temporal: 4.2 Security Information 1803 for Important 4483234 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Windows Server, Base: 4.7 4480966 version Temporal: 4.2 Security Information 1803 Important 4483234 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0549 Base: 4.7 Windows 4480116 Temporal: 4.2 10 Version Security Information Important 4483235 Vector: Yes 1809 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480116 10 Version Temporal: 4.2 Security Information 1809 for Important 4483235 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C Windows Base: 4.7 10 Version 4480116 Temporal: 4.2 1809 for Security Information Important 4483235 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems Base: 4.7 4480116 Temporal: 4.2 Windows Security Information Important 4483235 Vector: Yes Server 2019 Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Windows 4480116 Information Base: 4.7 Important 4483235 Yes Server 2019 Security Disclosure Temporal: 4.2

CVE-2019-0549 (Server Update Vector: Core CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) C:C Windows Base: 4.7 10 Version 4480978 Temporal: 4.2 1709 for Security Information Important 4483232 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems Windows 4480957 Server 2008 Security Base: 4.7 for Itanium- Only Temporal: 4.2 Information Based 4480968 Important 4471325 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2 4480957 Windows Security Base: 4.7 Server 2008 Only Temporal: 4.2 for 32-bit Information 4480968 Important 4471325 Vector: Yes Systems Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2

CVE-2019-0549 Windows 4480957 Server 2008 Security Base: 4.7 for x64- Only Temporal: 4.2 Information based 4480968 Important 4471325 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2 Windows Server 2008 4480957 for x64- Security Base: 4.7 based Only Temporal: 4.2 Systems Information 4480968 Important 4471325 Vector: Yes Service Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 2 Rollup C:C (Server

Core installation)

CVE-2019-0550 - Windows Hyper-V Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Hyper-V Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. CVE- 2019- An attacker who successfully exploited the vulnerability could execute arbitrary code on the Remote Code 0550 host operating system. Critical Execution MITRE The security update addresses the vulnerability by correcting how Hyper-V validates guest NVD operating system user input.

FAQ: None Mitigations: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0550 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Base: 7.6 Windows 10 4480966 Remote Temporal: 6.8 Version Security Critical Code 4483234 Vector: Yes 1803 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C

CVE-2019-0550 Windows 10 Base: 7.6 4480966 Version Remote Temporal: 6.8 Security 1803 for Critical Code 4483234 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Systems :C Windows Base: 7.6 4480966 Server, Remote Temporal: 6.8 Security version 1803 Critical Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Installation) :C Windows 10 Base: 7.6 Version 4480966 Remote Temporal: 6.8 1803 for Security Critical Code 4483234 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC based :C Systems Base: 7.6 Windows 10 4480116 Remote Temporal: 6.8 Version Security Critical Code 4483235 Vector: Yes 1809 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C

CVE-2019-0550 Windows 10 Base: 7.6 4480116 Version Remote Temporal: 6.8 Security 1809 for Critical Code 4483235 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Systems :C Windows 10 Base: 7.6 Version 4480116 Remote Temporal: 6.8 1809 for Security Critical Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC based :C Systems Base: 7.6 4480116 Remote Temporal: 6.8 Windows Security Critical Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

:C Base: 7.6 Windows 4480116 Remote Temporal: 6.8 Server 2019 Security Critical Code 4483235 Vector: Yes (Server Core Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC installation) :C

CVE-2019-0551 - Windows Hyper-V Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Hyper-V Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. CVE- 2019- An attacker who successfully exploited the vulnerability could execute arbitrary code on the Remote Code 0551 host operating system. Critical Execution MITRE The security update addresses the vulnerability by correcting how Hyper-V validates guest NVD operating system user input.

FAQ: None Mitigations: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0551 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Base: 7.6 4480961 Remote Temporal: 6.8 Windows Security Critical Code 4471321 Vector: Yes Server 2016 Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

CVE-2019-0551 Base: 7.6 Windows 10 4480961 Remote Temporal: 6.8 Version Security Critical Code 4483229 Vector: Yes 1607 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C Windows 10 Base: 7.6 4480961 Version Remote Temporal: 6.8 Security 1607 for Critical Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Systems :C Base: 7.6 Windows 4480961 Remote Temporal: 6.8 Server 2016 Security Critical Code 4471321 Vector: Yes (Server Core Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC installation) :C Base: 7.6 Windows 10 4480973 Remote Temporal: 6.8 Version Security Critical Code 4483229 Vector: Yes 1703 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C Windows 10 Remote Base: 7.6 4480973 Version Critical Code 4483229 Temporal: 6.8 Yes Security 1703 for Execution Vector:

CVE-2019-0551 x64-based Update CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC Systems :C Base: 7.6 Windows 10 4480978 Remote Temporal: 6.8 Version Security Critical Code 4483232 Vector: Yes 1709 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C Windows 10 Base: 7.6 4480978 Version Remote Temporal: 6.8 Security 1709 for Critical Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Systems :C Windows Base: 7.6 4480978 Server, Remote Temporal: 6.8 Security version 1709 Critical Code 4483232 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

Installation) :C Base: 7.6 Windows 10 4480966 Remote Temporal: 6.8 Version Security Critical Code 4483234 Vector: Yes 1803 for 32- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC bit Systems :C

CVE-2019-0551 Windows 10 Base: 7.6 4480966 Version Remote Temporal: 6.8 Security 1803 for Critical Code 4483234 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

CVE-2019-0551 Windows 10 Base: 7.6 4480116 Version Remote Temporal: 6.8 Security 1809 for Critical Code 4483235 Vector: Yes Update x64-based Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC

CVE-2019-0551 Windows 10 Base: 7.6 Version 4480978 Remote Temporal: 6.8 1709 for Security Critical Code 4483232 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC based :C Systems

CVE-2019-0552 - Windows COM Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows COM Elevation of Privilege Vulnerability Description: An elevation of privilege exists in Windows COM Desktop Broker. An attacker who CVE- successfully exploited the vulnerability could run arbitrary code with elevated privileges. 2019- Elevation of 0552 To exploit the vulnerability, an attacker could run a specially crafted application that could Important Privilege MITRE exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. NVD However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The update addresses the vulnerability by correcting how Windows COM Desktop Broker processes interface requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0552 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480964 Security Base: 7 Windows 8.1 Only Elevation Temporal: 6.3 for 32-bit 4480963 Important of 4471320 Vector: Yes systems Monthly Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

4480963 Monthly Base: 7 Windows 8.1 Rollup Elevation Temporal: 6.3 for x64- 4480964 Important of 4471320 Vector: Yes based Security Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

4480963 Monthly Base: 7 Windows Rollup Elevation Temporal: 6.3 Server 2012 4480964 Important of 4471320 Vector: Yes R2 Security Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Only C:C

CVE-2019-0552 Base: 7 4480963 Elevation Temporal: 6.3 Windows Monthly Important of 4471320 Vector: Yes RT 8.1 Rollup Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Monthly Base: 7 Server 2012 Rollup Elevation Temporal: 6.3 R2 (Server 4480964 Important of 4471320 Vector: Yes Core Security Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7 4480962 Windows 10 Elevation Temporal: 6.3 Security for 32-bit Important of 4483228 Vector: Yes Update Systems Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7 Windows 10 4480962 Elevation Temporal: 6.3 for x64- Security Important of 4483228 Vector: Yes based Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems C:C

CVE-2019-0552 Base: 7 4480961 Elevation Temporal: 6.3 Windows Security Important of 4471321 Vector: Yes Server 2016 Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7 Windows 10 4480961 Elevation Temporal: 6.3 Version Security Important of 4483229 Vector: Yes 1607 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480961 Version Elevation Temporal: 6.3 Security 1607 for Important of 4471321 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Base: 7 Windows 4480961 Elevation Temporal: 6.3 Server 2016 Security Important of 4471321 Vector: Yes (Server Core Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Elevation Base: 7 Windows 10 4480973 Important of 4483229 Temporal: 6.3 Yes Version Security Privilege Vector:

CVE-2019-0552 1703 for 32- Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480973 Version Elevation Temporal: 6.3 Security 1703 for Important of 4483229 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Base: 7 Windows 10 4480978 Elevation Temporal: 6.3 Version Security Important of 4483232 Vector: Yes 1709 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480978 Version Elevation Temporal: 6.3 Security 1709 for Important of 4483232 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows Base: 7 4480978 Server, Elevation Temporal: 6.3 Security version 1709 Important of 4483232 Vector: Yes Update (Server Core Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C

CVE-2019-0552 Base: 7 Windows 10 4480966 Elevation Temporal: 6.3 Version Security Important of 4483234 Vector: Yes 1803 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480966 Version Elevation Temporal: 6.3 Security 1803 for Important of 4483234 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows Base: 7 4480966 Server, Elevation Temporal: 6.3 Security version 1803 Important of 4483234 Vector: Yes Update (Server Core Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C Windows 10 Base: 7 Version 4480966 Elevation Temporal: 6.3 1803 for Security Important of 4483234 Vector: Yes ARM64- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems

CVE-2019-0552 Base: 7 Windows 10 4480116 Elevation Temporal: 6.3 Version Security Important of 4483235 Vector: Yes 1809 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480116 Version Elevation Temporal: 6.3 Security 1809 for Important of 4483235 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows 10 Base: 7 Version 4480116 Elevation Temporal: 6.3 1809 for Security Important of 4483235 Vector: Yes ARM64- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7 4480116 Elevation Temporal: 6.3 Windows Security Important of 4483235 Vector: Yes Server 2019 Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C

CVE-2019-0552 Base: 7 Windows 4480116 Elevation Temporal: 6.3 Server 2019 Security Important of 4483235 Vector: Yes (Server Core Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Windows 10 Base: 7 Version 4480978 Elevation Temporal: 6.3 1709 for Security Important of 4483232 Vector: Yes ARM64- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems

CVE-2019-0553 - Windows Subsystem for Linux Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Windows Subsystem for Linux Information Disclosure Vulnerability Information Discl 2019- Important Description: osure 0553

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact MITRE An information disclosure vulnerability exists when Windows Subsystem for Linux NVD improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. A attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0553 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Base: 4.7 Windows 4480973 Temporal: 4.2 10 Version Security Information Important 4483229 Vector: Yes 1703 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480973 10 Version Temporal: 4.2 Security Information 1703 for Important 4483229 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C

CVE-2019-0553 Base: 4.7 Windows 4480978 Temporal: 4.2 10 Version Security Information Important 4483232 Vector: Yes 1709 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480978 10 Version Temporal: 4.2 Security Information 1709 for Important 4483232 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0553 Windows Base: 4.7 4480966 10 Version Temporal: 4.2 Security Information 1803 for Important 4483234 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0553 Windows Base: 4.7 4480116 10 Version Temporal: 4.2 Security Information 1809 for Important 4483235 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Windows Base: 4.7 4480116 Server 2019 Temporal: 4.2 Security Information (Server Important 4483235 Vector: Yes Update Disclosure Core CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) C:C Windows 4480978 Information Base: 4.7 Important 4483232 Yes 10 Version Security Disclosure Temporal: 4.2

CVE-2019-0553 1709 for Update Vector: ARM64- CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems

CVE-2019-0554 - Windows Kernel Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain CVE- information to further compromise the user's system. 2019- Information Disc 0554 To exploit this vulnerability, an attacker would have to log on to an affected system and run a Important losure MITRE specially crafted application. The vulnerability would not allow an attacker to execute code or to NVD elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0554 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 4.7 for 32-bit Only Temporal: 4.2 Information Systems 4480970 Important 4471318 Vector: Yes Disclosure Service Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 1 Rollup C:C

Windows 4480960 Server 2008 Security Base: 4.7 R2 for x64- Only Temporal: 4.2 Information based 4480970 Important 4471318 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 1

CVE-2019-0554 (Server Core installation) Windows 4480960 Server 2008 Security Base: 4.7 R2 for Only Temporal: 4.2 Itanium- Information 4480970 Important 4471318 Vector: Yes Based Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems Rollup C:C Service

Pack 1 Windows 4480960 Server 2008 Security Base: 4.7 R2 for x64- Only Temporal: 4.2 Information based 4480970 Important 4471318 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 1 Windows 4480957 Base: 4.7 Server 2008 Security Temporal: 4.2 Information for 32-bit Only Important 4471325 Vector: Yes Disclosure Systems 4480968 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Monthly C:C

CVE-2019-0554 Pack 2 Rollup (Server Core installation) 4480972 Security Base: 4.7 Only Temporal: 4.2 Windows Information 4480975 Important 4471330 Vector: Yes Server 2012 Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Rollup C:C

4480964 Base: 4.7 Windows Security Temporal: 4.2 Information 8.1 for 32- Only Important 4471320 Vector: Yes Disclosure bit systems 4480963 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Monthly C:C

CVE-2019-0554 Rollup

Base: 4.7 4480963 Temporal: 4.2 Windows Monthly Information Important 4471320 Vector: Yes RT 8.1 Rollup Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Windows 4480963 Information Base: 4.7 Important 4471320 Yes Server 2012 Monthly Disclosure Temporal: 4.2

CVE-2019-0554 R2 (Server Rollup Vector: Core 4480964 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) Security C:C Only

Base: 4.7 4480962 Windows Temporal: 4.2 Security Information 10 for 32- Important 4483228 Vector: Yes Update Disclosure bit Systems CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Base: 4.7 Windows 4480961 Information Important 4483229 Temporal: 4.2 Yes 10 Version Security Disclosure Vector:

CVE-2019-0554 1607 for 32- Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480961 10 Version Temporal: 4.2 Security Information 1607 for Important 4471321 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

Systems C:C

CVE-2019-0554 Base: 4.7 Windows 4480978 Temporal: 4.2 10 Version Security Information Important 4483232 Vector: Yes 1709 for 32- Update Disclosure CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R bit Systems C:C Windows Base: 4.7 4480978 10 Version Temporal: 4.2 Security Information 1709 for Important 4483232 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0554 Windows Base: 4.7 4480966 10 Version Temporal: 4.2 Security Information 1803 for Important 4483234 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

CVE-2019-0554 Windows Base: 4.7 4480116 10 Version Temporal: 4.2 Security Information 1809 for Important 4483235 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R

C:C Windows Base: 4.7 4480116 Server 2019 Temporal: 4.2 Security Information (Server Important 4483235 Vector: Yes Update Disclosure Core CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R installation) C:C Windows 4480978 Information Base: 4.7 Important 4483232 Yes 10 Version Security Disclosure Temporal: 4.2

CVE-2019-0554 1709 for Update Vector: ARM64- CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R based C:C Systems Windows 4480957 Server 2008 Security Base: 4.7 for Itanium- Only Temporal: 4.2 Information Based 4480968 Important 4471325 Vector: Yes Disclosure Systems Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2 4480957 Windows Security Base: 4.7 Server 2008 Only Temporal: 4.2 for 32-bit Information 4480968 Important 4471325 Vector: Yes Systems Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Service Rollup C:C Pack 2

Windows 4480957 Base: 4.7 Server 2008 Security Temporal: 4.2 Information for x64- Only Important 4471325 Vector: Yes Disclosure based 4480968 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Systems Monthly C:C

CVE-2019-0554 Service Rollup Pack 2 Windows Server 2008 4480957 for x64- Security Base: 4.7 based Only Temporal: 4.2 Systems Information 4480968 Important 4471325 Vector: Yes Service Disclosure Monthly CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R Pack 2 Rollup C:C (Server

Core installation)

CVE-2019-0555 - Microsoft XmlDocument Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Microsoft XmlDocument Elevation of Privilege Vulnerability Elevation of Important 2019- Description: Privilege

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact 0555 An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could MITRE allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who NVD successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0555 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480972 Security Base: 7 Only Elevation Temporal: 6.3 Windows 4480975 Important of 4471330 Vector: Yes Server 2012 Monthly Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

4480972 Security Base: 7 Windows Only Elevation Temporal: 6.3 Server 2012 4480975 Important of 4471330 Vector: Yes (Server Core Monthly Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Rollup C:C

CVE-2019-0555 4480964 Security Base: 7 Windows 8.1 Only Elevation Temporal: 6.3 for 32-bit 4480963 Important of 4471320 Vector: Yes systems Monthly Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0555 Base: 7 4480963 Elevation Temporal: 6.3 Windows Monthly Important of 4471320 Vector: Yes RT 8.1 Rollup Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Base: 7 4480962 Windows 10 Elevation Temporal: 6.3 Security for 32-bit Important of 4483228 Vector: Yes Update Systems Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7 Windows 10 4480962 Elevation Temporal: 6.3 for x64- Security Important of 4483228 Vector: Yes based Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems C:C

CVE-2019-0555 Base: 7 4480961 Elevation Temporal: 6.3 Windows Security Important of 4471321 Vector: Yes Server 2016 Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0555 1703 for 32- Update CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480973 Version Elevation Temporal: 6.3 Security 1703 for Important of 4483229 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C

CVE-2019-0555 Base: 7 Windows 10 4480966 Elevation Temporal: 6.3 Version Security Important of 4483234 Vector: Yes 1803 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480966 Version Elevation Temporal: 6.3 Security 1803 for Important of 4483234 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0555 Base: 7 Windows 10 4480116 Elevation Temporal: 6.3 Version Security Important of 4483235 Vector: Yes 1809 for 32- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7 4480116 Version Elevation Temporal: 6.3 Security 1809 for Important of 4483235 Vector: Yes Update x64-based Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C

CVE-2019-0555 Base: 7 Windows 4480116 Elevation Temporal: 6.3 Server 2019 Security Important of 4483235 Vector: Yes (Server Core Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Windows 10 Base: 7 Version 4480978 Elevation Temporal: 6.3 1709 for Security Important of 4483232 Vector: Yes ARM64- Update Privilege CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems

CVE-2019-0556 - Microsoft Office SharePoint XSS Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Microsoft Office SharePoint XSS Vulnerability 2019- Description: 0556 Important Spoofing A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not MITRE properly sanitize a specially crafted web request to an affected SharePoint server. An NVD

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0556 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required 4461596 Security Base: N/A Microsoft SharePoint Enterprise Server 2013 Update Important Spoofing 4461558 Temporal: N/A Maybe Service Pack 1 Vector: N/A

CVE-2019-0557 - Microsoft Office SharePoint XSS Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Office SharePoint XSS Vulnerability CVE- Description: 2019- A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not 0557 properly sanitize a specially crafted web request to an affected SharePoint server. An Important Spoofing MITRE authenticated attacker could exploit the vulnerability by sending a specially crafted request to an NVD affected SharePoint server.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0557 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required 4461598 Security Base: N/A Microsoft SharePoint Enterprise Server Update Important Spoofing 4461541 Temporal: N/A Maybe 2016 Vector: N/A

CVE-2019-0558 - Microsoft Office SharePoint XSS Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Office SharePoint XSS Vulnerability CVE- Description: 2019- A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not 0558 properly sanitize a specially crafted web request to an affected SharePoint server. An Important Spoofing MITRE authenticated attacker could exploit the vulnerability by sending a specially crafted request to an NVD affected SharePoint server.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0558 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required 4461624 Security Base: N/A Microsoft Business Productivity Servers 2010 Update Important Spoofing 4461465 Temporal: N/A Maybe Service Pack 2 Vector: N/A 4461598 Security Base: N/A Microsoft SharePoint Enterprise Server 2016 Update Important Spoofing 4461541 Temporal: N/A Maybe Vector: N/A 4461591 Security Base: N/A Microsoft SharePoint Enterprise Server 2013 Update Important Spoofing 4461549 Temporal: N/A Maybe Service Pack 1 Vector: N/A 4461634 Security Base: N/A Microsoft SharePoint Server 2019 Update Important Spoofing 4461548 Temporal: N/A Maybe Vector: N/A

CVE-2019-0559 - Microsoft Outlook Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Outlook Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim.

CVE- The update addresses the vulnerability by correcting the way Microsoft Outlook handles 2019- these types of messages. Information Discl 0559 Important osure MITRE FAQ: NVD What type of information could be disclosed by this vulnerability? A victim could automatically download external content, which could disclose information to an attacker.

Mitigations: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0559 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4461595 Security Microsoft Outlook 2013 RT Service Information Disclo Temporal: Update Important 4461556 Maybe Pack 1 sure N/A

Vector: N/A

CVE-2019-0559 Base: N/A 4461623 Security Microsoft Outlook 2010 Service Pack Information Disclo Temporal: Update Important 4461576 Maybe 2 (32-bit editions) sure N/A

Vector: N/A Base: N/A 4461623 Security Microsoft Outlook 2010 Service Pack Information Disclo Temporal: Update Important 4461576 Maybe 2 (64-bit editions) sure N/A

Vector: N/A Base: N/A 4461601 Security Microsoft Outlook 2016 (32-bit Information Disclo Temporal: Update Important 4461544 Maybe edition) sure N/A

Vector: N/A Base: N/A 4461601 Security Microsoft Outlook 2016 (64-bit Information Disclo Temporal: Update Important 4461544 Maybe edition) sure N/A

Vector: N/A Base: N/A 4461595 Security Microsoft Outlook 2013 Service Pack Information Disclo Temporal: Update Important 4461556 Maybe 1 (32-bit editions) sure N/A

Vector: N/A 4461595 Security Microsoft Outlook 2013 Service Pack Information Disclo Base: N/A Update Important 4461556 Maybe 1 (64-bit editions) sure Temporal:

CVE-2019-0559 N/A Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 32-bit Information Disclo Temporal: Update Important 4461556 No editions sure N/A

Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 64-bit Information Disclo Temporal: Update Important 4461556 No editions sure N/A

Vector: N/A Base: N/A Click to Run Security Information Disclo Temporal: Office 365 ProPlus for 32-bit Systems Update Important 4461556 No sure N/A

Vector: N/A Base: N/A Click to Run Security Information Disclo Temporal: Office 365 ProPlus for 64-bit Systems Update Important 4461556 No sure N/A

Vector: N/A

CVE-2019-0560 - Microsoft Office Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Office Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was CVE- created. 2019- Information Discl 0560 The update addresses the vulnerability by changing the way certain functions handle objects Important osure MITRE in memory. NVD FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0560 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4461614 Security Microsoft Office 2010 Service Pack 2 Information Disclo Temporal: Update Important 4092483 Maybe (32-bit editions) sure N/A

Vector: N/A

CVE-2019-0560 Base: N/A 4461614 Security Microsoft Office 2010 Service Pack 2 Information Disclo Temporal: Update Important 4092483 Maybe (64-bit editions) sure N/A

Vector: N/A Base: N/A 4461537 Security Microsoft Office 2013 Service Pack 1 Information Disclo Temporal: Update Important 4461445 Maybe (32-bit editions) sure N/A

Vector: N/A Base: N/A 4461537 Security Microsoft Office 2013 Service Pack 1 Information Disclo Temporal: Update Important 4461445 Maybe (64-bit editions) sure N/A

Vector: N/A Base: N/A 4461537 Security Microsoft Office 2013 RT Service Information Disclo Temporal: Update Important 4461445 Maybe Pack 1 sure N/A

Vector: N/A Base: N/A 4461535 Security Information Disclo Temporal: Microsoft Office 2016 (32-bit edition) Update Important 4461437 Maybe sure N/A

Vector: N/A 4461535 Security Information Disclo Base: N/A Microsoft Office 2016 (64-bit edition) Update Important 4461437 Maybe sure Temporal:

CVE-2019-0560 N/A Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 32-bit Information Disclo Temporal: Update Important 4461437 No editions sure N/A

Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 64-bit Information Disclo Temporal: Update Important 4461437 No editions sure N/A

Vector: N/A Base: N/A Click to Run Security Information Disclo Temporal: Office 365 ProPlus for 32-bit Systems Update Important 4461437 No sure N/A

Vector: N/A Base: N/A Click to Run Security Information Disclo Temporal: Office 365 ProPlus for 64-bit Systems Update Important 4461437 No sure N/A

Vector: N/A

CVE-2019-0561 - Microsoft Word Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Word Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker who successfully exploited this vulnerability could read arbitrary files from a targeted system. To exploit the vulnerability, an attacker could craft a special document file and convince the user to open it. An attacker must know the file location whose data they wish to exfiltrate. CVE- 2019- The update addresses the vulnerability by changing the way certain Word functions handle Information Discl 0561 security warnings Important osure MITRE NVD FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.

Mitigations:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0561 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4461625 Security Microsoft Word 2010 Service Pack 2 (32-bit Information Discl Temporal: Update Important 4461526 Maybe editions) osure N/A

Vector: N/A

CVE-2019-0561 Base: N/A 4461625 Security Microsoft Word 2010 Service Pack 2 (64-bit Information Discl Temporal: Update Important 4461526 Maybe editions) osure N/A

Vector: N/A Base: N/A 4461617 Security Microsoft Office 2010 Service Pack 2 (32- Information Discl Temporal: Update Important 4461524 Maybe bit editions) osure N/A

Vector: N/A Base: N/A 4461617 Security Microsoft Office 2010 Service Pack 2 (64- Information Discl Temporal: Update Important 4461524 Maybe bit editions) osure N/A

Vector: N/A Base: N/A 4461594 Security Microsoft Word 2013 Service Pack 1 (32-bit Information Discl Temporal: Update Important 4461485 Maybe editions) osure N/A

Vector: N/A Base: N/A 4461594 Security Microsoft Word 2013 Service Pack 1 (64-bit Information Discl Temporal: Update Important 4461485 Maybe editions) osure N/A

Vector: N/A 4461594 Security Information Discl Base: N/A Microsoft Word 2013 RT Service Pack 1 Update Important 4461485 Maybe osure Temporal:

CVE-2019-0561 N/A Vector: N/A Base: N/A 4461620 Security Microsoft Office Web Apps Server 2010 Information Discl Temporal: Update Important 2965312 Maybe Service Pack 2 osure N/A

Vector: N/A Base: N/A Release Notes Information Discl Temporal: Microsoft Office 2016 for Mac Security Update Important 2965312 No osure N/A

Vector: N/A Base: N/A 4461543 Security Information Discl Temporal: Microsoft Word 2016 (32-bit edition) Update Important 4461504 Maybe osure N/A

Vector: N/A Base: N/A 4461543 Security Information Discl Temporal: Microsoft Word 2016 (64-bit edition) Update Important 4461504 Maybe osure N/A

Vector: N/A Base: N/A Click to Run Information Discl Temporal: Microsoft Office 2019 for 32-bit editions Security Update Important 4461504 No osure N/A

Vector: N/A

CVE-2019-0561 Base: N/A Click to Run Information Discl Temporal: Microsoft Office 2019 for 64-bit editions Security Update Important 4461504 No osure N/A

Vector: N/A Base: N/A Release Notes Information Discl Temporal: Microsoft Office 2019 for Mac Security Update Important 4461504 No osure N/A

Vector: N/A Base: N/A Click to Run Information Discl Temporal: Office 365 ProPlus for 32-bit Systems Security Update Important 4461504 No osure N/A

Vector: N/A Base: N/A Click to Run Information Discl Temporal: Office 365 ProPlus for 64-bit Systems Security Update Important 4461504 No osure N/A

Vector: N/A Base: N/A 4461612 Security Word Automation Services on Microsoft Information Discl Temporal: Update Important 4461520 Maybe SharePoint Server 2010 Service Pack 2 osure N/A

Vector: N/A

CVE-2019-0562 - Microsoft SharePoint Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. CVE- 2019- The attacker who successfully exploited the vulnerability could then perform cross-site scripting Elevation of 0562 attacks on affected systems and run script in the security context of the current user. These Important Privilege MITRE attacks could allow the attacker to read content that the attacker is not authorized to read, use the NVD victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

FAQ:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0562 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required 4461598 Security Microsoft SharePoint Enterprise Server Elevation of Base: N/A Update Important 4461541 Maybe 2016 Privilege Temporal:

CVE-2019-0562 N/A Vector: N/A Base: N/A 4461591 Security Microsoft SharePoint Enterprise Server Elevation of Temporal: Update Important 4461549 Maybe 2013 Service Pack 1 Privilege N/A

Vector: N/A Base: N/A 4461634 Security Elevation of Temporal: Microsoft SharePoint Server 2019 Update Important 4461548 Maybe Privilege N/A

Vector: N/A

CVE-2019-0564 - ASP.NET Core Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: ASP.NET Core Denial of Service Vulnerability CVE- Description: 2019- A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. Denial of 0564 Important An attacker who successfully exploited this vulnerability could cause a denial of service against Service MITRE an ASP.NET Core web application. The vulnerability can be exploited remotely, without NVD authentication.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0564 Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required Base: N/A Release Notes Security Update ASP.NET Core 2.1 Important Denial of Service Temporal: N/A Maybe

Vector: N/A

CVE-2019-0565 - Microsoft Edge Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Edge Memory Corruption Vulnerability Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to CVE- execute arbitrary code in the context of the current user. An attacker who successfully exploited 2019- the vulnerability could gain the same user rights as the current user. If the current user is logged Remote Code 0565 Critical on with administrative user rights, an attacker could take control of an affected system. An Execution MITRE attacker could then install programs; view, change, or delete data; or create new accounts with NVD full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0565 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Microsoft Edge on Base: 4.2 4480966 Windows Remote Temporal: 3.8 Security 10 Version Critical Code 4483234 Vector: Yes Update 1803 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

32-bit C:C Systems Microsoft Edge on Base: 4.2 4480966 Windows Remote Temporal: 3.8 Security 10 Version Critical Code 4483234 Vector: Yes Update 1803 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems

CVE-2019-0565 Microsoft Edge on Base: 4.2 Windows 4480966 Remote Temporal: 3.8 10 Version Security Critical Code 4483234 Vector: Yes 1803 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Microsoft Edge on Base: 4.2 4480116 Windows Remote Temporal: 3.8 Security 10 Version Critical Code 4483235 Vector: Yes Update 1809 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

32-bit C:C Systems Microsoft Edge on Base: 4.2 4480116 Windows Remote Temporal: 3.8 Security 10 Version Critical Code 4483235 Vector: Yes Update 1809 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems

CVE-2019-0565 Microsoft Edge on Base: 4.2 Windows 4480116 Remote Temporal: 3.8 10 Version Security Critical Code 4483235 Vector: Yes 1809 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Base: 4.2 Microsoft 4480116 Remote Temporal: 3.8 Edge on Security Moderate Code 4483235 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Server 2019 C:C

CVE-2019-0566 - Microsoft Edge Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Microsoft Edge Elevation of Privilege Vulnerability Elevation of 2019- Important Description: Privilege 0566

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact MITRE An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. NVD An attacker who successfully exploited the vulnerability could use the Browser Broker COM object to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0566 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Microsoft Base: 4.3 4480962 Edge on Elevation Temporal: 3.9 Security Windows Important of 4483228 Vector: Yes Update 10 for 32- Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R bit Systems C:C Microsoft Base: 4.3 Edge on 4480962 Elevation Temporal: 3.9 Windows Security Important of 4483228 Vector: Yes 10 for x64- Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R based C:C Systems Base: 4.3 Microsoft 4480961 Elevation Temporal: 3.9 Edge on Security Low of 4471321 Vector: Yes Windows Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R Server 2016 C:C

CVE-2019-0566 Microsoft Base: 4.3 Edge on 4480961 Elevation Temporal: 3.9 Windows Security Important of 4483229 Vector: Yes 10 Version Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1607 for 32- C:C bit Systems Microsoft Edge on Base: 4.3 4480961 Windows Elevation Temporal: 3.9 Security 10 Version Important of 4471321 Vector: Yes Update 1607 for Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.3 Edge on 4480973 Elevation Temporal: 3.9 Windows Security Important of 4483229 Vector: Yes 10 Version Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1703 for 32- C:C bit Systems Microsoft 4480973 Elevation Base: 4.3 Edge on Security Important of 4483229 Temporal: 3.9 Yes Windows Update Privilege Vector: 10 Version

CVE-2019-0566 1703 for CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.3 Edge on 4480978 Elevation Temporal: 3.9 Windows Security Important of 4483232 Vector: Yes 10 Version Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1709 for 32- C:C bit Systems Microsoft Edge on Base: 4.3 4480978 Windows Elevation Temporal: 3.9 Security 10 Version Important of 4483232 Vector: Yes Update 1709 for Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.3 Edge on 4480966 Elevation Temporal: 3.9 Windows Security Important of 4483234 Vector: Yes 10 Version Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1803 for 32- C:C bit Systems

CVE-2019-0566 Microsoft Edge on Base: 4.3 4480966 Windows Elevation Temporal: 3.9 Security 10 Version Important of 4483234 Vector: Yes Update 1803 for Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.3 Windows 4480966 Elevation Temporal: 3.9 10 Version Security Important of 4483234 Vector: Yes 1803 for Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Microsoft Base: 4.3 Edge on 4480116 Elevation Temporal: 3.9 Windows Security Important of 4483235 Vector: Yes 10 Version Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1809 for 32- C:C bit Systems

CVE-2019-0566 Microsoft Edge on Base: 4.3 4480116 Windows Elevation Temporal: 3.9 Security 10 Version Important of 4483235 Vector: Yes Update 1809 for Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.3 Windows 4480116 Elevation Temporal: 3.9 10 Version Security Important of 4483235 Vector: Yes 1809 for Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Base: 4.3 Microsoft 4480116 Elevation Temporal: 3.9 Edge on Security Low of 4483235 Vector: Yes Windows Update Privilege CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R Server 2019 C:C Microsoft Elevation Base: 4.3 4480978 Edge on Important of 4483232 Temporal: 3.9 Yes Security Windows Privilege Vector:

CVE-2019-0566 10 Version Update CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R 1709 for C:C ARM64- based Systems

CVE-2019-0567 - Chakra Scripting Engine Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability Description: CVE- A remote code execution vulnerability exists in the way that the Chakra scripting engine handles 2019- objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way Remote Code 0567 that an attacker could execute arbitrary code in the context of the current user. An attacker who Critical Execution MITRE successfully exploited the vulnerability could gain the same user rights as the current user. If the NVD current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0567 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Microsoft Base: 4.2 4480962 Edge on Remote Temporal: 3.8 Security Windows 10 Critical Code 4483228 Vector: Yes Update for 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

CVE-2019-0567 Microsoft Base: 4.2 Edge on 4480961 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483229 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1607 for 32- C:C bit Systems Microsoft Edge on Base: 4.2 4480961 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4471321 Vector: Yes Update 1607 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.2 Edge on 4480973 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483229 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1703 for 32- C:C bit Systems Microsoft 4480973 Remote Base: 4.2 Edge on Security Critical Code 4483229 Temporal: 3.8 Yes Windows 10 Update Execution Vector: Version

CVE-2019-0567 1703 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.2 Edge on 4480978 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483232 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1709 for 32- C:C bit Systems Microsoft Edge on Base: 4.2 4480978 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4483232 Vector: Yes Update 1709 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Base: 4.2 Edge on 4480966 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483234 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1803 for 32- C:C bit Systems

CVE-2019-0567 Microsoft Edge on Base: 4.2 4480966 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4483234 Vector: Yes Update 1803 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.2 Windows 10 4480966 Remote Temporal: 3.8 Version Security Critical Code 4483234 Vector: Yes 1803 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Microsoft Base: 4.2 Edge on 4480116 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483235 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1809 for 32- C:C bit Systems

CVE-2019-0567 Microsoft Edge on Base: 4.2 4480116 Windows 10 Remote Temporal: 3.8 Security Version Critical Code 4483235 Vector: Yes Update 1809 for Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.2 Windows 10 4480116 Remote Temporal: 3.8 Version Security Critical Code 4483235 Vector: Yes 1809 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Base: 4.2 Microsoft 4480116 Remote Temporal: 3.8 Edge on Security Moderate Code 4483235 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Server 2019 C:C Microsoft Remote Base: 4.2 4480978 Edge on Critical Code 4483232 Temporal: 3.8 Yes Security Windows 10 Execution Vector:

CVE-2019-0567 Version Update CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1709 for C:C ARM64- based Systems Release Notes Remote Base: N/A ChakraCore Security Critical Code 4483232 Temporal: N/A Maybe Update Execution Vector: N/A

CVE-2019-0568 - Chakra Scripting Engine Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability CVE- Description: Remote Code 2019- Critical A remote code execution vulnerability exists in the way that the Chakra scripting engine handles Execution 0568 objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact MITRE that an attacker could execute arbitrary code in the context of the current user. An attacker who NVD successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0568 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Microsoft Base: 4.2 Edge on 4480966 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483234 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1803 for 32- C:C bit Systems Microsoft 4480966 Remote Base: 4.2 Edge on Security Critical Code 4483234 Temporal: 3.8 Yes Windows 10 Update Execution Vector: Version

CVE-2019-0568 1803 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R x64-based C:C Systems Microsoft Edge on Base: 4.2 Windows 10 4480966 Remote Temporal: 3.8 Version Security Critical Code 4483234 Vector: Yes 1803 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Microsoft Base: 4.2 Edge on 4480116 Remote Temporal: 3.8 Windows 10 Security Critical Code 4483235 Vector: Yes Version Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R 1809 for 32- C:C bit Systems Microsoft Base: 4.2 4480116 Edge on Remote Temporal: 3.8 Security Windows 10 Critical Code 4483235 Vector: Yes Update Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R

1809 for C:C

CVE-2019-0568 x64-based Systems Microsoft Edge on Base: 4.2 Windows 10 4480116 Remote Temporal: 3.8 Version Security Critical Code 4483235 Vector: Yes 1809 for Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R ARM64- C:C based Systems Base: 4.2 Microsoft 4480116 Remote Temporal: 3.8 Edge on Security Moderate Code 4483235 Vector: Yes Windows Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R Server 2019 C:C Release Base: 4.2 Notes Remote Temporal: 3.8 ChakraCore Security Critical Code 4483235 Vector: Maybe Update Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R C:C

CVE-2019-0569 - Windows Kernel Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. CVE- 2019- The update addresses the vulnerability by correcting how the Windows kernel handles objects Information Discl 0569 in memory. Important osure MITRE NVD FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0569 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 for 32-bit Base: 5.5 Security Information Systems Service Pack Important 4471318 Temporal: 5.5 Yes Only Disclosure 1 Vector: 4480970

CVE-2019-0569 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Rollup N

4480960 Security Base: 5.5 Windows 7 for x64- Only Temporal: 5.5 Information based Systems 4480970 Important 4471318 Vector: Yes Disclosure Service Pack 1 Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Rollup N

4480960 Windows Server Security Base: 5.5 2008 R2 for x64- Only Temporal: 5.5 based Systems Information 4480970 Important 4471318 Vector: Yes Service Pack 1 Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: (Server Core Rollup N installation)

4480960 Base: 5.5 Windows Server Security Temporal: 5.5 2008 R2 for Itanium- Information Only Important 4471318 Vector: Yes Based Systems Disclosure 4480970 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Service Pack 1 Monthly N

CVE-2019-0569 Rollup

4480960 Security Base: 5.5 Windows Server Only Temporal: 5.5 2008 R2 for x64- Information 4480970 Important 4471318 Vector: Yes based Systems Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Service Pack 1 Rollup N

4480957 Windows Server Security Base: 5.5 2008 for 32-bit Only Temporal: 5.5 Information Systems Service Pack 4480968 Important 4471325 Vector: Yes Disclosure 2 (Server Core Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: installation) Rollup N

4480972 Security Base: 5.5 Only Temporal: 5.5 Windows Server Information 4480975 Important 4471330 Vector: Yes 2012 Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Rollup N

CVE-2019-0569 4480972 Security Base: 5.5 Windows Server Only Temporal: 5.5 Information 2012 (Server Core 4480975 Important 4471330 Vector: Yes Disclosure installation) Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Rollup N

4480964 Security Base: 5.5 Only Temporal: 5.5 Windows 8.1 for 32- Information 4480963 Important 4471320 Vector: Yes bit systems Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Rollup N

4480963 Monthly Base: 5.5 Rollup Temporal: 5.5 Windows 8.1 for x64- Information 4480964 Important 4471320 Vector: Yes based systems Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Only N

Windows Server 4480963 Information Base: 5.5 Important 4471320 Yes 2012 R2 Monthly Disclosure Temporal: 5.5

CVE-2019-0569 Rollup Vector: 4480964 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Security N Only

Base: 5.5 4480963 Temporal: 5.5 Monthly Information Windows RT 8.1 Important 4471320 Vector: Yes Rollup Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N 4480963 Monthly Base: 5.5 Windows Server Rollup Temporal: 5.5 Information 2012 R2 (Server Core 4480964 Important 4471320 Vector: Yes Disclosure installation) Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Only N

Base: 5.5 4480962 Temporal: 5.5 Windows 10 for 32- Security Information Important 4483228 Vector: Yes bit Systems Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

CVE-2019-0569 Base: 5.5 4480962 Temporal: 5.5 Windows 10 for x64- Security Information Important 4483228 Vector: Yes based Systems Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480961 Temporal: 5.5 Windows Server Security Information Important 4471321 Vector: Yes 2016 Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480961 Windows 10 Version Temporal: 5.5 Security Information 1607 for 32-bit Important 4483229 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480961 Windows 10 Version Temporal: 5.5 Security Information 1607 for x64-based Important 4471321 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Windows Server Base: 5.5 4480961 Information 2016 (Server Core Important 4471321 Temporal: 5.5 Yes Security Disclosure installation) Vector:

CVE-2019-0569 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: N Base: 5.5 4480973 Windows 10 Version Temporal: 5.5 Security Information 1703 for 32-bit Important 4483229 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480973 Windows 10 Version Temporal: 5.5 Security Information 1703 for x64-based Important 4483229 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480978 Windows 10 Version Temporal: 5.5 Security Information 1709 for 32-bit Important 4483232 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480978 Windows 10 Version Temporal: 5.5 Security Information 1709 for x64-based Important 4483232 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

CVE-2019-0569 Base: 5.5 4480978 Windows Server, Temporal: 5.5 Security Information version 1709 (Server Important 4483232 Vector: Yes Update Disclosure Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480966 Windows 10 Version Temporal: 5.5 Security Information 1803 for 32-bit Important 4483234 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480966 Windows 10 Version Temporal: 5.5 Security Information 1803 for x64-based Important 4483234 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480966 Windows Server, Temporal: 5.5 Security Information version 1803 (Server Important 4483234 Vector: Yes Update Disclosure Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Windows 10 Version Base: 5.5 4480966 Information 1803 for ARM64- Important 4483234 Temporal: 5.5 Yes Security Disclosure based Systems Vector:

CVE-2019-0569 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: N Base: 5.5 4480116 Windows 10 Version Temporal: 5.5 Security Information 1809 for 32-bit Important 4483235 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480116 Windows 10 Version Temporal: 5.5 Security Information 1809 for x64-based Important 4483235 Vector: Yes Update Disclosure Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480116 Windows 10 Version Temporal: 5.5 Security Information 1809 for ARM64- Important 4483235 Vector: Yes Update Disclosure based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480116 Temporal: 5.5 Windows Server Security Information Important 4483235 Vector: Yes 2019 Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

CVE-2019-0569 Base: 5.5 4480116 Windows Server Temporal: 5.5 Security Information 2019 (Server Core Important 4483235 Vector: Yes Update Disclosure installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N Base: 5.5 4480978 Windows 10 Version Temporal: 5.5 Security Information 1709 for ARM64- Important 4483232 Vector: Yes Update Disclosure based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:

N 4480957 Security Base: 5.5 Windows Server Only Temporal: 5.5 2008 for Itanium- Information 4480968 Important 4471325 Vector: Yes Based Systems Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: Service Pack 2 Rollup N

4480957 Base: 5.5 Windows Server Security Temporal: 5.5 2008 for 32-bit Information Only Important 4471325 Vector: Yes Systems Service Pack Disclosure 4480968 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: 2 Monthly N

CVE-2019-0569 Rollup

4480957 Security Base: 5.5 Windows Server Only Temporal: 5.5 2008 for x64-based Information 4480968 Important 4471325 Vector: Yes Systems Service Pack Disclosure Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: 2 Rollup N

4480957 Windows Server Security Base: 5.5 2008 for x64-based Only Temporal: 5.5 Information Systems Service Pack 4480968 Important 4471325 Vector: Yes Disclosure 2 (Server Core Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A: installation) Rollup N

CVE-2019-0570 - Windows Runtime Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. CVE- 2019- The update addresses the vulnerability by correcting the way the Windows Runtime handles Elevation of 0570 objects in memory. Important Privilege MITRE NVD FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0570 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required 4480972 Security Base: 7.8 Only Temporal: 7.8 Windows Server Elevation of 4480975 Important 4471330 Vector: Yes 2012 Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

Windows Server 4480972 Base: 7.8 Elevation of 2012 (Server Core Security Important 4471330 Temporal: 7.8 Yes Privilege installation) Only Vector:

CVE-2019-0570 4480975 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Monthly H Rollup

4480964 Security Base: 7.8 Only Temporal: 7.8 Windows 8.1 for 32- Elevation of 4480963 Important 4471320 Vector: Yes bit systems Privilege Monthly CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Rollup H

4480963 Monthly Base: 7.8 Rollup Temporal: 7.8 Windows 8.1 for Elevation of 4480964 Important 4471320 Vector: Yes x64-based systems Privilege Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Only H

4480963 Base: 7.8 Monthly Temporal: 7.8 Windows Server Elevation of Rollup Important 4471320 Vector: Yes 2012 R2 Privilege 4480964 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Security H

CVE-2019-0570 Only

Base: 7.8 4480963 Temporal: 7.8 Monthly Elevation of Windows RT 8.1 Important 4471320 Vector: Yes Rollup Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H 4480963 Monthly Base: 7.8 Windows Server Rollup Temporal: 7.8 Elevation of 2012 R2 (Server 4480964 Important 4471320 Vector: Yes Privilege Core installation) Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: Only H

Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32- Security Elevation of Important 4483228 Vector: Yes bit Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H 4480962 Base: 7.8 Windows 10 for x64- Security Elevation of Important 4483228 Temporal: 7.8 Yes based Systems Update Privilege Vector:

CVE-2019-0570 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480961 Temporal: 7.8 Windows Server Security Elevation of Important 4471321 Vector: Yes 2016 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for x64-based Important 4471321 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows Server Temporal: 7.8 Security Elevation of 2016 (Server Core Important 4471321 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0570 Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for x64-based Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for 32-bit Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for x64-based Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server, Base: 7.8 4480978 Elevation of version 1709 (Server Important 4483232 Temporal: 7.8 Yes Security Privilege Core Installation) Vector:

CVE-2019-0570 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for 32-bit Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for x64-based Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows Server, Temporal: 7.8 Security Elevation of version 1803 (Server Important 4483234 Vector: Yes Update Privilege Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for ARM64- Important 4483234 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0570 Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for 32-bit Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for x64-based Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for ARM64- Important 4483235 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Temporal: 7.8 Windows Server Security Elevation of Important 4483235 Vector: Yes 2019 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server Base: 7.8 4480116 Elevation of 2019 (Server Core Important 4483235 Temporal: 7.8 Yes Security Privilege installation) Vector:

CVE-2019-0570 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for ARM64- Important 4483232 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0571 - Windows Data Sharing Service Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability 2019- Description: Elevation of 0571 An elevation of privilege vulnerability exists when the Windows Data Sharing Service Important Privilege MITRE improperly handles file operations. An attacker who successfully exploited this vulnerability NVD could run processes in an elevated context.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0571 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32- Security Elevation of Important 4483228 Vector: Yes bit Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480962 Temporal: 7.8 Windows 10 for x64- Security Elevation of Important 4483228 Vector: Yes based Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Temporal: 7.8 Windows Server Security Elevation of Important 4471321 Vector: Yes 2016 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0571 Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for x64-based Important 4471321 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows Server Temporal: 7.8 Security Elevation of 2016 (Server Core Important 4471321 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for x64-based Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 Version Base: 7.8 4480978 Elevation of 1709 for 32-bit Important 4483232 Temporal: 7.8 Yes Security Privilege Systems Vector:

CVE-2019-0571 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for x64-based Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows Server, Temporal: 7.8 Security Elevation of version 1709 (Server Important 4483232 Vector: Yes Update Privilege Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for 32-bit Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for x64-based Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0571 Base: 7.8 4480966 Windows Server, Temporal: 7.8 Security Elevation of version 1803 (Server Important 4483234 Vector: Yes Update Privilege Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for ARM64- Important 4483234 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for 32-bit Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for x64-based Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 Version Base: 7.8 4480116 Elevation of 1809 for ARM64- Important 4483235 Temporal: 7.8 Yes Security Privilege based Systems Vector:

CVE-2019-0571 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480116 Temporal: 7.8 Windows Server Security Elevation of Important 4483235 Vector: Yes 2019 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows Server Temporal: 7.8 Security Elevation of 2019 (Server Core Important 4483235 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for ARM64- Important 4483232 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0572 - Windows Data Sharing Service Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

CVE- An attacker could exploit this vulnerability by running a specially crafted application on the 2019- victim system. Elevation of 0572 Important The update addresses the vulnerability by correcting the way the Windows Data Sharing Privilege MITRE Service handles file operations. NVD

FAQ: None Mitigations: None Workarounds:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0572 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32- Security Elevation of Important 4483228 Vector: Yes bit Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 for x64- 4480962 Elevation of Base: 7.8 Important 4483228 Yes based Systems Security Privilege Temporal: 7.8

CVE-2019-0572 Update Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480961 Temporal: 7.8 Windows Server Security Elevation of Important 4471321 Vector: Yes 2016 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for x64-based Important 4471321 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows Server Temporal: 7.8 Security Elevation of 2016 (Server Core Important 4471321 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0572 Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for x64-based Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for 32-bit Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for x64-based Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server, Base: 7.8 4480978 Elevation of version 1709 (Server Important 4483232 Temporal: 7.8 Yes Security Privilege Core Installation) Vector:

CVE-2019-0572 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for 32-bit Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for x64-based Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for ARM64- Important 4483234 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0572 Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for 32-bit Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for x64-based Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for ARM64- Important 4483235 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Temporal: 7.8 Windows Server Security Elevation of Important 4483235 Vector: Yes 2019 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server Base: 7.8 4480116 Elevation of 2019 (Server Core Important 4483235 Temporal: 7.8 Yes Security Privilege installation) Vector:

CVE-2019-0572 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for ARM64- Important 4483232 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0573 - Windows Data Sharing Service Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability 2019- Description: Elevation of 0573 An elevation of privilege vulnerability exists when the Windows Data Sharing Service Important Privilege MITRE improperly handles file operations. An attacker who successfully exploited this vulnerability NVD could run processes in an elevated context.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0573 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32- Security Elevation of Important 4483228 Vector: Yes bit Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480962 Temporal: 7.8 Windows 10 for x64- Security Elevation of Important 4483228 Vector: Yes based Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Temporal: 7.8 Windows Server Security Elevation of Important 4471321 Vector: Yes 2016 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0573 Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for x64-based Important 4471321 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows Server Temporal: 7.8 Security Elevation of 2016 (Server Core Important 4471321 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for x64-based Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 Version Base: 7.8 4480978 Elevation of 1709 for 32-bit Important 4483232 Temporal: 7.8 Yes Security Privilege Systems Vector:

CVE-2019-0573 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for x64-based Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for 32-bit Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for x64-based Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0573 Base: 7.8 4480966 Windows Server, Temporal: 7.8 Security Elevation of version 1803 (Server Important 4483234 Vector: Yes Update Privilege Core Installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for ARM64- Important 4483234 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for 32-bit Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for x64-based Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 Version Base: 7.8 4480116 Elevation of 1809 for ARM64- Important 4483235 Temporal: 7.8 Yes Security Privilege based Systems Vector:

CVE-2019-0573 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480116 Temporal: 7.8 Windows Server Security Elevation of Important 4483235 Vector: Yes 2019 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows Server Temporal: 7.8 Security Elevation of 2019 (Server Core Important 4483235 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for ARM64- Important 4483232 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0574 - Windows Data Sharing Service Elevation of Privilege Vulnerability

CVE- An attacker could exploit this vulnerability by running a specially crafted application on the 2019- victim system. Elevation of 0574 Important The update addresses the vulnerability by correcting the way the Windows Data Sharing Privilege MITRE Service handles file operations. NVD

FAQ: None Mitigations: None Workarounds:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0574 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Base: 7.8 4480962 Temporal: 7.8 Windows 10 for 32- Security Elevation of Important 4483228 Vector: Yes bit Systems Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows 10 for x64- 4480962 Elevation of Base: 7.8 Important 4483228 Yes based Systems Security Privilege Temporal: 7.8

CVE-2019-0574 Update Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480961 Temporal: 7.8 Windows Server Security Elevation of Important 4471321 Vector: Yes 2016 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows 10 Version Temporal: 7.8 Security Elevation of 1607 for x64-based Important 4471321 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480961 Windows Server Temporal: 7.8 Security Elevation of 2016 (Server Core Important 4471321 Vector: Yes Update Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0574 Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for 32-bit Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480973 Windows 10 Version Temporal: 7.8 Security Elevation of 1703 for x64-based Important 4483229 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for 32-bit Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for x64-based Important 4483232 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server, Base: 7.8 4480978 Elevation of version 1709 (Server Important 4483232 Temporal: 7.8 Yes Security Privilege Core Installation) Vector:

CVE-2019-0574 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for 32-bit Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for x64-based Important 4483234 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480966 Windows 10 Version Temporal: 7.8 Security Elevation of 1803 for ARM64- Important 4483234 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0574 Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for 32-bit Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for x64-based Important 4483235 Vector: Yes Update Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Windows 10 Version Temporal: 7.8 Security Elevation of 1809 for ARM64- Important 4483235 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Base: 7.8 4480116 Temporal: 7.8 Windows Server Security Elevation of Important 4483235 Vector: Yes 2019 Update Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

H Windows Server Base: 7.8 4480116 Elevation of 2019 (Server Core Important 4483235 Temporal: 7.8 Yes Security Privilege installation) Vector:

CVE-2019-0574 Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A: H Base: 7.8 4480978 Windows 10 Version Temporal: 7.8 Security Elevation of 1709 for ARM64- Important 4483232 Vector: Yes Update Privilege based Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:

CVE-2019-0575 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0575 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0575 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

4480960 Windows 7 Security Base: 7.8 for x64- Only Remote Temporal: 7 based 4480970 Important Code 4471318 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 1

Windows 4480960 Server 2008 Security Base: 7.8 R2 for x64- Only Remote Temporal: 7 based 4480970 Important Code 4471318 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 1 (Server

CVE-2019-0575 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

1 Windows 4480960 Server 2008 Security Base: 7.8 R2 for x64- Only Remote Temporal: 7 based 4480970 Important Code 4471318 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 1 Windows 4480957 Base: 7.8 Server 2008 Security Remote Temporal: 7 for 32-bit Only Important Code 4471325 Vector: Yes Systems 4480968 Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Monthly C:C 2 (Server

CVE-2019-0575 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0575 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 Server 2012 4480964 Important Code 4471320 Vector: Yes R2 Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0575 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C Base: 7.8 Windows 10 4480962 Remote Temporal: 7 for x64- Security Important Code 4483228 Vector: Yes based Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems C:C Base: 7.8 4480961 Remote Temporal: 7 Windows Security Important Code 4471321 Vector: Yes Server 2016 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0575 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Base: 7.8 Windows 4480961 Remote Temporal: 7 Server 2016 Security Important Code 4471321 Vector: Yes (Server Core Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) C:C Base: 7.8 Windows 10 4480973 Remote Temporal: 7 Version Security Important Code 4483229 Vector: Yes 1703 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480973 Version Remote Temporal: 7 Security 1703 for Important Code 4483229 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0575 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Windows Base: 7.8 4480978 Server, Remote Temporal: 7 Security version 1709 Important Code 4483232 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0575 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Installation) C:C Windows 10 Base: 7.8 Version 4480966 Remote Temporal: 7 1803 for Security Important Code 4483234 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 Windows 10 4480116 Remote Temporal: 7 Version Security Important Code 4483235 Vector: Yes 1809 for 32- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480116 Version Remote Temporal: 7 Security 1809 for Important Code 4483235 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0575 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0575 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0575 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0576 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0576 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0576 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0576 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0576 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0576 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0576 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0576 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0576 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0576 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0576 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0576 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0576 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0577 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0577 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0577 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0577 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0577 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0577 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0577 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0577 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0577 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0577 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0577 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0577 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0577 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0578 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0578 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0578 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0578 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0578 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0578 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0578 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0578 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0578 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0578 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0578 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0578 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0578 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0579 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0579 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0579 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0579 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0579 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0579 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0579 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0579 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0579 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0579 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0579 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0579 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0579 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0580 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0580 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0580 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0580 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0580 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0580 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0580 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0580 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0580 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0580 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0580 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0580 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0580 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0581 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0581 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0581 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0581 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0581 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0581 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0581 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0581 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0581 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0581 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0581 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0581 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0581 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0582 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0582 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0582 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0582 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0582 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0582 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0582 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0582 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0582 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0582 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0582 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0582 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0582 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0583 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0583 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0583 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0583 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0583 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0583 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0583 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0583 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0583 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0583 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0583 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0583 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0583 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0584 - Jet Database Engine Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Jet Database Engine Remote Code Execution Vulnerability 2019- Description: Remote Code 0584 A remote code execution vulnerability exists when the Windows Jet Database Engine Important Execution MITRE improperly handles objects in memory. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on a victim system.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0584 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4480960 Windows 7 Security Base: 7.8 for 32-bit Only Remote Temporal: 7 Systems 4480970 Important Code 4471318 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 1 Rollup C:C

CVE-2019-0584 Core installation) Windows 4480960 Server 2008 Security Base: 7.8 R2 for Only Remote Temporal: 7 Itanium- 4480970 Important Code 4471318 Vector: Yes Based Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Systems Rollup C:C Service Pack

CVE-2019-0584 Core Rollup installation) 4480972 Security Base: 7.8 Only Remote Temporal: 7 Windows 4480975 Important Code 4471330 Vector: Yes Server 2012 Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Rollup C:C

CVE-2019-0584 4480963 Monthly Base: 7.8 Windows Rollup Remote Temporal: 7 8.1 for x64- 4480964 Important Code 4471320 Vector: Yes based Security Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R systems Only C:C

Base: 7.8 4480963 Remote Temporal: 7 Windows Monthly Important Code 4471320 Vector: Yes RT 8.1 Rollup Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

C:C 4480963 Windows Remote Base: 7.8 Monthly Server 2012 Important Code 4471320 Temporal: 7 Yes Rollup R2 (Server Execution Vector: 4480964

CVE-2019-0584 Core Security CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R installation) Only C:C

Base: 7.8 4480962 Windows 10 Remote Temporal: 7 Security for 32-bit Important Code 4483228 Vector: Yes Update Systems Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0584 Windows 10 Base: 7.8 4480961 Version Remote Temporal: 7 Security 1607 for Important Code 4471321 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C Remote Base: 7.8 Windows 10 4480978 Important Code 4483232 Temporal: 7 Yes Version Security Execution Vector:

CVE-2019-0584 1709 for 32- Update CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R bit Systems C:C Windows 10 Base: 7.8 4480978 Version Remote Temporal: 7 Security 1709 for Important Code 4483232 Vector: Yes Update x64-based Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0584 Windows Base: 7.8 4480966 Server, Remote Temporal: 7 Security version 1803 Important Code 4483234 Vector: Yes Update (Server Core Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

Systems C:C

CVE-2019-0584 Windows 10 Base: 7.8 Version 4480116 Remote Temporal: 7 1809 for Security Important Code 4483235 Vector: Yes ARM64- Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R based C:C Systems Base: 7.8 4480116 Remote Temporal: 7 Windows Security Important Code 4483235 Vector: Yes Server 2019 Update Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R

CVE-2019-0584 Windows 4480957 Server 2008 Security Base: 7.8 for Itanium- Only Remote Temporal: 7 Based 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2 4480957 Windows Security Base: 7.8 Server 2008 Only Remote Temporal: 7 for 32-bit 4480968 Important Code 4471325 Vector: Yes Systems Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R Service Pack Rollup C:C 2

CVE-2019-0584 Windows Server 2008 4480957 for x64- Security Base: 7.8 based Only Remote Temporal: 7 Systems 4480968 Important Code 4471325 Vector: Yes Service Pack Monthly Execution CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R 2 (Server Rollup C:C Core installation)

CVE-2019-0585 - Microsoft Word Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Word Remote Code Execution Vulnerability CVE- Description: 2019- A remote code execution vulnerability exists in Microsoft Word software when it fails to Remote Code 0585 properly handle objects in memory. An attacker who successfully exploited the vulnerability Important Execution MITRE could use a specially crafted file to perform actions in the security context of the current user. NVD For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.

FAQ: I have Microsoft Word 2010 installed. Why am I not being offered the 4461617 update? The 4461617 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.

Mitigations: None Workarounds:

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0585 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4461625 Security Microsoft Word 2010 Service Pack 2 (32-bit Remote Code Temporal: Update Important 4461526 Maybe editions) Execution N/A

Vector: N/A 4461625 Security Microsoft Word 2010 Service Pack 2 (64-bit Remote Code Base: N/A Update Important 4461526 Maybe editions) Execution Temporal:

CVE-2019-0585 N/A Vector: N/A Base: N/A 4461617 Security Microsoft Office 2010 Service Pack 2 (32-bit Remote Code Temporal: Update Important 4461524 Maybe editions) Execution N/A

Vector: N/A Base: N/A 4461617 Security Microsoft Office 2010 Service Pack 2 (64-bit Remote Code Temporal: Update Important 4461524 Maybe editions) Execution N/A

Vector: N/A Base: N/A 4461594 Security Microsoft Word 2013 Service Pack 1 (32-bit Remote Code Temporal: Update Important 4461485 Maybe editions) Execution N/A

Vector: N/A Base: N/A 4461594 Security Microsoft Word 2013 Service Pack 1 (64-bit Remote Code Temporal: Update Important 4461485 Maybe editions) Execution N/A

Vector: N/A Base: N/A 4461594 Security Remote Code Temporal: Microsoft Word 2013 RT Service Pack 1 Update Important 4461485 Maybe Execution N/A

Vector: N/A

CVE-2019-0585 Base: N/A 4461620 Security Microsoft Office Web Apps Server 2010 Remote Code Temporal: Update Important 2965312 Maybe Service Pack 2 Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2016 for Mac Security Update Important 2965312 No Execution N/A

Vector: N/A Base: N/A 4461543 Security Remote Code Temporal: Microsoft Word 2016 (32-bit edition) Update Important 4461504 Maybe Execution N/A

Vector: N/A Base: N/A 4461543 Security Remote Code Temporal: Microsoft Word 2016 (64-bit edition) Update Important 4461504 Maybe Execution N/A

Vector: N/A Base: N/A 4461598 Security Remote Code Temporal: Microsoft SharePoint Enterprise Server 2016 Update Important 4461541 Maybe Execution N/A

Vector: N/A 4461589 Security Microsoft SharePoint Enterprise Server 2013 Remote Code Base: N/A Update Important 4022234 Maybe Service Pack 1 Execution Temporal:

CVE-2019-0585 N/A Vector: N/A Base: N/A Click to Run Remote Code Temporal: Microsoft Office 2019 for 32-bit editions Security Update Important 4022234 No Execution N/A

Vector: N/A Base: N/A Click to Run Remote Code Temporal: Microsoft Office 2019 for 64-bit editions Security Update Important 4022234 No Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2019 for Mac Security Update Important 4022234 No Execution N/A

Vector: N/A Base: N/A Click to Run Remote Code Temporal: Office 365 ProPlus for 32-bit Systems Security Update Important 4022234 No Execution N/A

Vector: N/A Base: N/A Click to Run Remote Code Temporal: Office 365 ProPlus for 64-bit Systems Security Update Important 4022234 No Execution N/A

Vector: N/A

CVE-2019-0585 Base: N/A 4461634 Security Remote Code Temporal: Microsoft SharePoint Server 2019 Update Important 4461548 Maybe Execution N/A

Vector: N/A Base: N/A 4461635 Security Remote Code Temporal: Microsoft Office Word Viewer Update Important 4092434 Maybe Execution N/A

Vector: N/A Base: N/A 4461633 Security Remote Code Temporal: Microsoft Office Online Server Update Important 4011027 Maybe Execution N/A

Vector: N/A Base: N/A 4461612 Security Word Automation Services on Microsoft Remote Code Temporal: Update Important 4461520 Maybe SharePoint Server 2010 Service Pack 2 Execution N/A

Vector: N/A

CVE-2019-0586 - Microsoft Exchange Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Exchange Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

CVE- Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable 2019- Exchange server. Remote Code 0586 Important The security update addresses the vulnerability by correcting how Microsoft Exchange handles Execution MITRE objects in memory. NVD

FAQ: None Mitigations: None Workarounds: None

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0586 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4471389 Security Microsoft Exchange Server 2016 Remote Code Temporal: Update Important 4468741 Maybe Cumulative Update 10 Execution N/A

Vector: N/A Base: N/A 4471389 Security Remote Code Temporal: Microsoft Exchange Server 2019 Update Important 4468741 Maybe Execution N/A

Vector: N/A

CVE-2019-0586 Base: N/A 4471389 Security Microsoft Exchange Server 2016 Remote Code Temporal: Update Important 4468741 Maybe Cumulative Update 11 Execution N/A

Vector: N/A

CVE-2019-0588 - Microsoft Exchange Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Exchange Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API CVE- grants calendar contributors more view permissions than intended. To exploit this vulnerability, 2019- an attacker would need to be granted contributor access to an Exchange Calendar by an Information Disc 0588 Important administrator via PowerShell. The attacker would then be able to view additional details about losure MITRE the calendar that would normally be hidden. NVD The security update addresses the vulnerability by modifying how the Exchange PowerShell API grants permissions to contributors.

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is miscellaneous details from calendar entries such as the subject of a meeting, which would otherwise not be disclosed.

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0588 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A 4471389 Security Microsoft Exchange Server 2013 Information Disclo Temporal: Update Important 4459266 Maybe Cumulative Update 21 sure N/A

Vector: N/A Base: N/A 4471389 Security Microsoft Exchange Server 2016 Information Disclo Temporal: Update Important 4468741 Maybe Cumulative Update 10 sure N/A

Vector: N/A Base: N/A 4471389 Security Information Disclo Temporal: Microsoft Exchange Server 2019 Update Important 4468741 Maybe sure N/A

Vector: N/A Base: N/A 4471389 Security Microsoft Exchange Server 2016 Information Disclo Temporal: Update Important 4468741 Maybe Cumulative Update 11 sure N/A

Vector: N/A Base: N/A 4468742 Security Microsoft Exchange Server 2010 Service Information Disclo Temporal: Update Important 4458321 Maybe Pack 3 Update Rollup 25 sure N/A

Vector: N/A

CVE-2019-0622 - Skype for Android Elevation of Privilege Vulnerability

Maximum Severity Vulnerability CVE ID Vulnerability Description Rating Impact CVE Title: Skype for Android Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests. An attacker who successfully exploited this vulnerability could bypass Android's lockscreen and access a victim's personal information. CVE-2019- To exploit the vulnerability, an attacker would need have physical access to the phone. 0622 Elevation of The security update addresses the vulnerability by correcting how Skype for Android Moderate MITRE Privilege handles authentication requests. NVD

FAQ: How do I get the update for Skype for Android?

1. Tap the Google Play icon on your home screen. 2. Swipe in from the left edge of the screen. 3. Tap My apps & games.

Maximum Severity Vulnerability CVE ID Vulnerability Description Rating Impact 4. Tap the Update box next to the Skype app.

Does the vulnerability exist in Skype for Business or the consumer version of Skype? This vulnerability only affects the consumer version of Skype.

Mitigations: None Workarounds: None Revision: 1.0 01/08/2019 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0622 KB CVSS Score Restart Product Severity Impact Supersedence Article Set Required Base: N/A Skype 8.35 when installed on Elevation of Moderate Temporal: N/A Android Devices Privilege Vector: N/A

Statement ======

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS. About NSFOCUS ======

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company's Intelligent Hybrid Security

strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

QR code of NSFOCUS at Sina Weibo QR code of NSFOCUS at WeChat