Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET Core CVE-2019-0982 ASP.NET Core Denial of Service Vulnerability
.NET Core CVE-2019-0981 .Net Framework and .Net Core Denial of Service Vulnerability
.NET Core CVE-2019-0980 .Net Framework and .Net Core Denial of Service Vulnerability
.NET Framework CVE-2019-0864 .NET Framework Denial of Service Vulnerability
.NET Framework CVE-2019-0820 .NET Framework and .NET Core Denial of Service Vulnerability
Adobe Flash Player ADV190012 May 2019 Adobe Flash Security Update
Azure CVE-2019-1000 Microsoft Azure AD Connect Elevation of Privilege Vulnerability
Internet Explorer CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability
Internet Explorer CVE-2019-0921 Internet Explorer Spoofing Vulnerability
Kerberos CVE-2019-0734 Windows Elevation of Privilege Vulnerability
Microsoft Browsers CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability
Microsoft Dynamics CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass
Microsoft Edge CVE-2019-0938 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics Component CVE-2019-0892 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0961 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0758 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-0882 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-0957 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0958 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
Microsoft Windows CVE-2019-0936 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0942 Unified Write Filter Elevation of Privilege Vulnerability
Microsoft Windows ADV190013 Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
Microsoft Windows CVE-2019-0931 Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability
NuGet CVE-2019-0976 NuGet Package Manager Tampering Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Skype for Android CVE-2019-0932 Skype for Android Information Disclosure Vulnerability
SQL Server CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
Team Foundation Server CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Team Foundation Server CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
Windows DHCP Server CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability
Windows Diagnostic Hub CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-0881 Windows Kernel Elevation of Privilege Vulnerability
Windows NDIS CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
Windows RDP CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability

CVE-2019-0863 - Windows Error Reporting Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0863
MITRE
NVD
CVE Title: Windows Error Reporting Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges.

To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system.

The security update addresses the vulnerability by correcting the way WER handles files.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected Exploitation Detected Not Applicable Yes Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0863
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Elevation of Privilege 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Elevation of Privilege 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Elevation of Privilege 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Elevation of Privilege 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Elevation of Privilege 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Elevation of Privilege 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Elevation of Privilege 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Elevation of Privilege 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Elevation of Privilege 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Elevation of Privilege 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Elevation of Privilege 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Elevation of Privilege 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Elevation of Privilege
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Elevation of Privilege
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Elevation of Privilege 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Elevation of Privilege 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0863 Polar Bear


Gal De Leon of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0882 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0882
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0882
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Information Disclosure 4493475 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Information Disclosure 4493475 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Information Disclosure 4493474 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Information Disclosure 4493474 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Information Disclosure 4493446 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Information Disclosure
4493451
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Information Disclosure
4493451
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0882 Axel Souchet (@0vercl0k) of MSRC Vulnerabilities and Mitigations Team
https://twitter.com/0vercl0k


willJ working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0884 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0884
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0884
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 10 on Windows Server 2012 4498206 (IE Cumulative)
4499171 (Monthly Rollup)
Moderate Remote Code Execution 4493435
4493451
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4498206 (IE Cumulative)
4499164 (Monthly Rollup)
Critical Remote Code Execution 4493435
4493472
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4498206 (IE Cumulative)
4499164 (Monthly Rollup)
Critical Remote Code Execution 4493435
4493472
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4498206 (IE Cumulative)
4499151 (Monthly Rollup)
Critical Remote Code Execution 4493435
4493446
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4498206 (IE Cumulative)
4499151 (Monthly Rollup)
Critical Remote Code Execution 4493435
4493446
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4499151 (Monthly Rollup) Critical Remote Code Execution 4493446 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4498206 (IE Cumulative)
4499164 (Monthly Rollup)
Moderate Remote Code Execution 4493435
4493472
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 4498206 (IE Cumulative) Moderate Remote Code Execution 4493435 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4498206 (IE Cumulative)
4499151 (Monthly Rollup)
Moderate Remote Code Execution 4493435
4493446
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4494440 (Security Update) Moderate Remote Code Execution 4493470 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4494441 (Security Update) Moderate Remote Code Execution 4493509 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4498206 (IE Cumulative)
Moderate Remote Code Execution 4493471
4493435
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4498206 (IE Cumulative)
Moderate Remote Code Execution 4493471
4493435
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for 32-bit Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4494440 (Security Update) Moderate Remote Code Execution 4493470 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4494441 (Security Update) Moderate Remote Code Execution 4493509 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0884 Four Fire


CVE-2019-0886 - Windows Hyper-V Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0886
MITRE
NVD
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0886
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Information Disclosure 4493470 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Information Disclosure 4493474 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Information Disclosure 4493470 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Information Disclosure 4493470 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Information Disclosure 4493509 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Information Disclosure 4493509 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Information Disclosure 4493464 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0886 None

CVE-2019-0892 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0892
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0892
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0892 Zhang Yunhai of NSFOCUS
http://www.nsfocus.com/


CVE-2019-0893 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0893
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0893
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0893 Honggang Ren of Fortinet's FortiGuard Labs


CVE-2019-0894 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0894
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0894
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0894 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0895 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0895
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0895
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0895 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0896 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0896
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0896
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0896 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0897 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0897
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0897
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0897 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0898 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0898
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0898
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0898 Honggang Ren of Fortinet's FortiGuard Labs


CVE-2019-0899 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0899
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0899
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0899 Hardik Shah of McAfee
https://twitter.com/hardik05


Gal De Leon and Bar Lahav of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0900 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0900
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0900
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0900 Bar Lahav and Gal De Leon of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0901 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0901
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0901
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0901 Bar Lahav and Gal De Leon of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0902 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0902
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0902
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Remote Code Execution 4493475 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Remote Code Execution 4493474 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Remote Code Execution 4493441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Remote Code Execution 4493446 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Remote Code Execution 4493471
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Remote Code Execution 4493472
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Remote Code Execution
4493451
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Remote Code Execution 4493446
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Remote Code Execution 4493470 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Remote Code Execution 4493509 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Remote Code Execution 4493464 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0902 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


Hardik Shah of McAfee
https://twitter.com/hardik05


Bar Lahav and Gal De Leon of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0903 - GDI+ Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0903
MITRE
NVD
CVE Title: GDI+ Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

There are multiple ways an attacker could exploit the vulnerability:

  • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message.
  • In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.

The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0903
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Critical Remote Code Execution 4493475 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Critical Remote Code Execution 4493474 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Critical Remote Code Execution 4493441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Critical Remote Code Execution None Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Critical Remote Code Execution 4493472
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Critical Remote Code Execution 4493472
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Critical Remote Code Execution 4493446
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Critical Remote Code Execution 4493446
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Critical Remote Code Execution 4493446 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Critical Remote Code Execution 4493471
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Critical Remote Code Execution 4493471
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Critical Remote Code Execution 4493471
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Critical Remote Code Execution 4493471
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Critical Remote Code Execution 4493471
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Critical Remote Code Execution 4493472
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Critical Remote Code Execution 4493472
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Critical Remote Code Execution 4493472
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Critical Remote Code Execution
4493451
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Critical Remote Code Execution
4493451
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Critical Remote Code Execution 4493446
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Critical Remote Code Execution 4493446
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Critical Remote Code Execution 4493470 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Critical Remote Code Execution 4493509 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Critical Remote Code Execution 4493464 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Critical Remote Code Execution None Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0903 kdot working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0932 - Skype for Android Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0932
MITRE
NVD
CVE Title: Skype for Android Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Skype for Android. An attacker that exploited the vulnerability could listen to the conversation of a Skype for Android user without the user’s knowledge.

To exploit the vulnerability, an attacker would need to call an Android phone with Skype for Android installed that’s also paired with a Bluetooth device.

The security update addresses the vulnerability by correcting how Skype for Android answers incoming calls.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is audio from a cellular phone call.


How do I get the update for Skype for Android?

  1. Tap the Google Play icon on your home screen.
  2. Swipe in from the left edge of the screen.
  3. Tap My apps & games.
  4. Tap the Update box next to the Skype app.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0932
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Skype 8.35 when installed on Android Devices Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0932 None

CVE-2019-0942 - Unified Write Filter Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0942
MITRE
NVD
CVE Title: Unified Write Filter Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry. An attacker who successfully exploited the vulnerability could make changes to the registry keys protected by UWF without having administrator privileges.

To exploit the vulnerability, an attacker would have to log on to an affected system utilizing UWF and access the registry editor.

The security update addresses the vulnerability by correcting how the Unified Write Filter verifies privileges when accessing the registry.


FAQ:

What is the Unified Write Filter feature?

Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off. More information is available at https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0942
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Elevation of Privilege 4493475 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Elevation of Privilege 4493475 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Elevation of Privilege 4493474 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Elevation of Privilege 4493474 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Elevation of Privilege 4493441 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Elevation of Privilege 4493470 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Elevation of Privilege 4493509 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Elevation of Privilege 4493464 Base: 4.40
Temporal: 4.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0942 Thomas Levering


CVE-2019-0945 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0945
MITRE
NVD
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0945
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4464551 (Security Update) Important Remote Code Execution 4462213 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4464551 (Security Update) Important Remote Code Execution 4462213 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0945 Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0946 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0946
MITRE
NVD
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0946
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4464561 (Security Update) Important Remote Code Execution 4462204 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4464551 (Security Update) Important Remote Code Execution 4462213 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4464551 (Security Update) Important Remote Code Execution 4462213 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0946 Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0947 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0947
MITRE
NVD
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0947
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4464567 (Security Update) Important Remote Code Execution 4464520 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0947 Bar Lahav and Gal De Leon of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0956 - Microsoft SharePoint Server Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0956
MITRE
NVD
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0956
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4464549 (Security Update) Important Information Disclosure 4464510 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4464564 (Security Update) Important Information Disclosure 4464515 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0956 None

CVE-2019-0957 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0957
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0957
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4464549 (Security Update) Important Elevation of Privilege 4464510 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4464556 (Security Update) Important Elevation of Privilege 4464518 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0957 Ashar Javed of Hyundai AutoEver Europe GmbH
https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/


CVE-2019-0958 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0958
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0958
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Foundation 2013 Service Pack 1 4464564 (Security Update) Important Elevation of Privilege 4464515 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4464556 (Security Update) Important Elevation of Privilege 4464518 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0958 Ahmed Radi
https://twitter/0xRadi


CVE-2019-0961 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0961
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0961
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4499154 (Security Update) Important Information Disclosure 4493475 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4499154 (Security Update) Important Information Disclosure 4493475 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Information Disclosure 4493474 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Information Disclosure 4493474 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Information Disclosure 4493441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4499151 (Monthly Rollup) Important Information Disclosure 4493446 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4499149 (Monthly Rollup)
4499180 (Security Only)
Important Information Disclosure 4493471
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4499164 (Monthly Rollup)
4499175 (Security Only)
Important Information Disclosure 4493472
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Information Disclosure
4493451
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4499158 (Security Only)
4499171 (Monthly Rollup)
Important Information Disclosure
4493451
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4499151 (Monthly Rollup)
4499165 (Security Only)
Important Information Disclosure 4493446
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4494440 (Security Update) Important Information Disclosure 4493470 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4494441 (Security Update) Important Information Disclosure 4493509 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4499167 (Security Update) Important Information Disclosure 4493464 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4497936 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0961 Kamlapati Choubey of Trend Micro


CVE-2019-0963 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0963
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0963
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Foundation 2013 Service Pack 1 4464564 (Security Update) Important Spoofing 4464515 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0963 Huynh Phuoc Hung, @hph0var
https://twitter.com/hph0var


CVE-2019-0971 - Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0971
MITRE
NVD
CVE Title: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server.

To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack.

The update addresses the vulnerability by modifying how Azure DevOps Server and Microsoft Team Foundation Server manage server authentication.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information like resource ids, sas tokens, user properties, and other sensitive information.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0971
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Azure DevOps Server 2019 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Team Foundation Server 2018 Update 3.2 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0971 Paolo Giai Polict
https://polict.net/


CVE-2019-0980 - .Net Framework and .Net Core Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0980
MITRE
NVD
CVE Title: .Net Framework and .Net Core Denial of Service Vulnerability
Description:

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application.

The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-05-14T07:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0980
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
.NET Core 1.0 Release Notes (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
.NET Core 1.1 Release Notes (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
.NET Core 2.1 Release Notes (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
.NET Core 2.2 Release Notes (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 4498964 (Security Only)
4499409 (Monthly Rollup)
Important Denial of Service
4487081; 4487259
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems 4499154 (Security Update) Important Denial of Service 4493475 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems 4499154 (Security Update) Important Denial of Service 4493475 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems 4494440 (Security Update) Important Denial of Service 4493470 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems 4494440 (Security Update) Important Denial of Service 4493470 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems 4499181 (Security Update) Important Denial of Service 4493474 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems 4499181 (Security Update) Important Denial of Service 4493474 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems 4499179 (Security Update) Important Denial of Service 4493441 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for ARM64-based Systems 4499179 (Security Update) Important Denial of Service 4493441 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems 4499179 (Security Update) Important Denial of Service 4493441 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems 4499167 (Security Update) Important Denial of Service 4493464 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for ARM64-based Systems 4499167 (Security Update) Important Denial of Service 4493464 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems 4499167 (Security Update) Important Denial of Service 4493464 B