This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerability |
| .NET Core | CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability |
| .NET Core | CVE-2019-0980 | .Net Framework and .Net Core Denial of Service Vulnerability |
| .NET Framework | CVE-2019-0864 | .NET Framework Denial of Service Vulnerability |
| .NET Framework | CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability |
| Adobe Flash Player | ADV190012 | May 2019 Adobe Flash Security Update |
| Azure | CVE-2019-1000 | Microsoft Azure AD Connect Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2019-0929 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2019-0995 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2019-0930 | Internet Explorer Information Disclosure Vulnerability |
| Internet Explorer | CVE-2019-0921 | Internet Explorer Spoofing Vulnerability |
| Kerberos | CVE-2019-0734 | Windows Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2019-1008 | Microsoft Dynamics On-Premise Security Feature Bypass |
| Microsoft Edge | CVE-2019-0938 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2019-0926 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2019-0892 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0961 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0758 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-0882 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0898 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0895 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0897 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0889 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0890 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0891 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0896 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0893 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0894 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0901 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0899 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0900 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0902 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0947 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0953 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0945 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0946 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0957 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0956 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0949 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0950 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0952 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0951 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0963 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0958 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0924 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0923 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0927 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0922 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0884 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0933 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0925 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0937 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0918 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0913 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0912 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0911 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0914 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0917 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0916 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0915 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-0733 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2019-0936 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0886 | Windows Hyper-V Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0942 | Unified Write Filter Elevation of Privilege Vulnerability |
| Microsoft Windows | ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities |
| Microsoft Windows | CVE-2019-0931 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0885 | Windows OLE Remote Code Execution Vulnerability |
| NuGet | CVE-2019-0976 | NuGet Package Manager Tampering Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Android | CVE-2019-0932 | Skype for Android Information Disclosure Vulnerability |
| SQL Server | CVE-2019-0819 | Microsoft SQL Server Analysis Services Information Disclosure Vulnerability |
| Team Foundation Server | CVE-2019-0971 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability |
| Team Foundation Server | CVE-2019-0979 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0872 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability |
| Windows DHCP Server | CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability |
| Windows Diagnostic Hub | CVE-2019-0727 | Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0881 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows NDIS | CVE-2019-0707 | Windows NDIS Elevation of Privilege Vulnerability |
| Windows RDP | CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0863 MITRE NVD |
CVE Title: Windows Error Reporting Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Exploitation Detected | Not Applicable | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0863 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Elevation of Privilege | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Elevation of Privilege | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Elevation of Privilege | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Elevation of Privilege | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Elevation of Privilege | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Elevation of Privilege | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Elevation of Privilege | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Elevation of Privilege | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Elevation of Privilege | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Elevation of Privilege | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Elevation of Privilege | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Elevation of Privilege | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Elevation of Privilege | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Elevation of Privilege | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Elevation of Privilege | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Elevation of Privilege | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0863 | Polar Bear Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0882 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0882 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Information Disclosure | 4493475 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Information Disclosure | 4493475 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Information Disclosure | 4493474 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Information Disclosure | 4493474 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Information Disclosure | 4493446 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Information Disclosure | 4493451 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Information Disclosure | 4493451 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0882 | Axel Souchet (@0vercl0k) of MSRC Vulnerabilities and Mitigations Team https://twitter.com/0vercl0k willJ working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0884 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0884 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4498206 (IE Cumulative) 4499171 (Monthly Rollup) |
Moderate | Remote Code Execution | 4493435 4493451 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4498206 (IE Cumulative) 4499164 (Monthly Rollup) |
Critical | Remote Code Execution | 4493435 4493472 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4498206 (IE Cumulative) 4499164 (Monthly Rollup) |
Critical | Remote Code Execution | 4493435 4493472 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4498206 (IE Cumulative) 4499151 (Monthly Rollup) |
Critical | Remote Code Execution | 4493435 4493446 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4498206 (IE Cumulative) 4499151 (Monthly Rollup) |
Critical | Remote Code Execution | 4493435 4493446 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4499151 (Monthly Rollup) | Critical | Remote Code Execution | 4493446 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4498206 (IE Cumulative) 4499164 (Monthly Rollup) |
Moderate | Remote Code Execution | 4493435 4493472 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4498206 (IE Cumulative) | Moderate | Remote Code Execution | 4493435 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4498206 (IE Cumulative) 4499151 (Monthly Rollup) |
Moderate | Remote Code Execution | 4493435 4493446 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4494440 (Security Update) | Moderate | Remote Code Execution | 4493470 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4494441 (Security Update) | Moderate | Remote Code Execution | 4493509 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4498206 (IE Cumulative) |
Moderate | Remote Code Execution | 4493471 4493435 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4498206 (IE Cumulative) |
Moderate | Remote Code Execution | 4493471 4493435 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2016 | 4494440 (Security Update) | Moderate | Remote Code Execution | 4493470 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4494441 (Security Update) | Moderate | Remote Code Execution | 4493509 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0884 | Four Fire |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0886 MITRE NVD |
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0886 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Information Disclosure | 4493474 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0886 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0892 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0892 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0892 | Zhang Yunhai of NSFOCUS http://www.nsfocus.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0893 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0893 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0893 | Honggang Ren of Fortinet's FortiGuard Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0894 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0894 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0894 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0895 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0895 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0895 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0896 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0896 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0896 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0897 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0897 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0897 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0898 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0898 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0898 | Honggang Ren of Fortinet's FortiGuard Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0899 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0899 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0899 | Hardik Shah of McAfee https://twitter.com/hardik05 Gal De Leon and Bar Lahav of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0900 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0900 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0900 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0901 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0901 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0901 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0902 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0902 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Remote Code Execution | 4493475 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Remote Code Execution | 4493474 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Remote Code Execution | 4493441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Remote Code Execution | 4493446 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Remote Code Execution | 4493471 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Remote Code Execution | 4493472 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Remote Code Execution | 4493451 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Remote Code Execution | 4493446 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Remote Code Execution | 4493470 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Remote Code Execution | 4493509 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Remote Code Execution | 4493464 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Remote Code Execution | None | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0902 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ Hardik Shah of McAfee https://twitter.com/hardik05 Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0903 MITRE NVD |
CVE Title: GDI+ Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0903 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Critical | Remote Code Execution | 4493475 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Critical | Remote Code Execution | 4493474 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Critical | Remote Code Execution | 4493441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Critical | Remote Code Execution | 4493472 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Critical | Remote Code Execution | 4493472 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Critical | Remote Code Execution | 4493446 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Critical | Remote Code Execution | 4493446 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Critical | Remote Code Execution | 4493446 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Critical | Remote Code Execution | 4493471 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Critical | Remote Code Execution | 4493471 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Critical | Remote Code Execution | 4493471 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Critical | Remote Code Execution | 4493471 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Critical | Remote Code Execution | 4493471 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Critical | Remote Code Execution | 4493472 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Critical | Remote Code Execution | 4493472 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Critical | Remote Code Execution | 4493472 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Critical | Remote Code Execution | 4493451 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Critical | Remote Code Execution | 4493451 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Critical | Remote Code Execution | 4493446 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Critical | Remote Code Execution | 4493446 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Critical | Remote Code Execution | 4493470 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Critical | Remote Code Execution | 4493509 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Critical | Remote Code Execution | 4493464 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Critical | Remote Code Execution | None | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0903 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0932 MITRE NVD |
CVE Title: Skype for Android Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Skype for Android. An attacker that exploited the vulnerability could listen to the conversation of a Skype for Android user without the user’s knowledge. To exploit the vulnerability, an attacker would need to call an Android phone with Skype for Android installed that’s also paired with a Bluetooth device. The security update addresses the vulnerability by correcting how Skype for Android answers incoming calls. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is audio from a cellular phone call. How do I get the update for Skype for Android?
Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0932 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Skype 8.35 when installed on Android Devices | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2019-0932 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0942 MITRE NVD |
CVE Title: Unified Write Filter Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry. An attacker who successfully exploited the vulnerability could make changes to the registry keys protected by UWF without having administrator privileges. To exploit the vulnerability, an attacker would have to log on to an affected system utilizing UWF and access the registry editor. The security update addresses the vulnerability by correcting how the Unified Write Filter verifies privileges when accessing the registry. FAQ: What is the Unified Write Filter feature? Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off. More information is available at https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0942 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Elevation of Privilege | 4493475 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Elevation of Privilege | 4493475 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Elevation of Privilege | 4493474 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Elevation of Privilege | 4493474 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Elevation of Privilege | 4493441 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Elevation of Privilege | 4493470 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Elevation of Privilege | 4493509 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Elevation of Privilege | 4493464 | Base: 4.40 Temporal: 4.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0942 | Thomas Levering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0945 MITRE NVD |
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0945 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4464551 (Security Update) | Important | Remote Code Execution | 4462213 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4464551 (Security Update) | Important | Remote Code Execution | 4462213 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0945 | Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0946 MITRE NVD |
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0946 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4464561 (Security Update) | Important | Remote Code Execution | 4462204 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4464551 (Security Update) | Important | Remote Code Execution | 4462213 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4464551 (Security Update) | Important | Remote Code Execution | 4462213 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0946 | Keqi Hu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0947 MITRE NVD |
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0947 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4464567 (Security Update) | Important | Remote Code Execution | 4464520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0947 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0956 MITRE NVD |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII). Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0956 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4464549 (Security Update) | Important | Information Disclosure | 4464510 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464564 (Security Update) | Important | Information Disclosure | 4464515 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0956 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0957 MITRE NVD |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0957 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4464549 (Security Update) | Important | Elevation of Privilege | 4464510 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4464556 (Security Update) | Important | Elevation of Privilege | 4464518 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0957 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0958 MITRE NVD |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0958 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464564 (Security Update) | Important | Elevation of Privilege | 4464515 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4464556 (Security Update) | Important | Elevation of Privilege | 4464518 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0958 | Ahmed Radi https://twitter/0xRadi |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0961 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0961 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Information Disclosure | 4493475 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Information Disclosure | 4493475 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Information Disclosure | 4493474 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Information Disclosure | 4493474 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Information Disclosure | 4493441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4499151 (Monthly Rollup) | Important | Information Disclosure | 4493446 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149 (Monthly Rollup) 4499180 (Security Only) |
Important | Information Disclosure | 4493471 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164 (Monthly Rollup) 4499175 (Security Only) |
Important | Information Disclosure | 4493472 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Information Disclosure | 4493451 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4499158 (Security Only) 4499171 (Monthly Rollup) |
Important | Information Disclosure | 4493451 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4499151 (Monthly Rollup) 4499165 (Security Only) |
Important | Information Disclosure | 4493446 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4494440 (Security Update) | Important | Information Disclosure | 4493470 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4494441 (Security Update) | Important | Information Disclosure | 4493509 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4499167 (Security Update) | Important | Information Disclosure | 4493464 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4497936 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0961 | Kamlapati Choubey of Trend Micro |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0963 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0963 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464564 (Security Update) | Important | Spoofing | 4464515 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0963 | Huynh Phuoc Hung, @hph0var https://twitter.com/hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0971 MITRE NVD |
CVE Title: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server. To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack. The update addresses the vulnerability by modifying how Azure DevOps Server and Microsoft Team Foundation Server manage server authentication. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information like resource ids, sas tokens, user properties, and other sensitive information. Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0971 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure DevOps Server 2019 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Team Foundation Server 2018 Update 3.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0971 | Paolo Giai Polict
https://polict.net/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0980 MITRE NVD |
CVE Title: .Net Framework and .Net Core Denial of Service Vulnerability
Description: A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-05-14T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0980 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| .NET Core 1.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| .NET Core 1.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| .NET Core 2.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| .NET Core 2.2 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4498964 (Security Only) 4499409 (Monthly Rollup) |
Important | Denial of Service | 4487081; 4487259 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4499154 (Security Update) | Important | Denial of Service | 4493475 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4499154 (Security Update) | Important | Denial of Service | 4493475 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4494440 (Security Update) | Important | Denial of Service | 4493470 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4494440 (Security Update) | Important | Denial of Service | 4493470 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems | 4499181 (Security Update) | Important | Denial of Service | 4493474 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems | 4499181 (Security Update) | Important | Denial of Service | 4493474 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4499179 (Security Update) | Important | Denial of Service | 4493441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for ARM64-based Systems | 4499179 (Security Update) | Important | Denial of Service | 4493441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4499179 (Security Update) | Important | Denial of Service | 4493441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | 4499167 (Security Update) | Important | Denial of Service | 4493464 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for ARM64-based Systems | 4499167 (Security Update) | Important | Denial of Service | 4493464 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | 4499167 (Security Update) | Important | Denial of Service | 4493464 | B | |