This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Framework | CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability |
Adobe Flash Player | ADV190001 | January 2019 Adobe Flash Update |
Android App | CVE-2019-0622 | Skype for Android Elevation of Privilege Vulnerability |
ASP.NET | CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability |
ASP.NET | CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability |
Internet Explorer | CVE-2019-0541 | MSHTML Engine Remote Code Execution Vulnerability |
Microsoft Edge | CVE-2019-0565 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2019-0566 | Microsoft Edge Elevation of Privilege Vulnerability |
Microsoft Exchange Server | CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability |
Microsoft Exchange Server | CVE-2019-0588 | Microsoft Exchange Information Disclosure Vulnerability |
Microsoft JET Database Engine | CVE-2019-0576 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0538 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0575 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0577 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0582 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0583 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0584 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0581 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0578 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0579 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0580 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0560 | Microsoft Office Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-0561 | Microsoft Word Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0559 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2019-0562 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office SharePoint | CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-0558 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-0557 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Scripting Engine | CVE-2019-0568 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0567 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0539 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2019-0574 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0573 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0571 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0572 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0543 | Microsoft Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0570 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft XML | CVE-2019-0555 | Microsoft XmlDocument Elevation of Privilege Vulnerability |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Visual Studio | CVE-2019-0537 | Microsoft Visual Studio Information Disclosure Vulnerability |
Visual Studio | CVE-2019-0546 | Visual Studio Remote Code Execution Vulnerability |
Windows COM | CVE-2019-0552 | Windows COM Elevation of Privilege Vulnerability |
Windows DHCP Client | CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-0550 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-0551 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Kernel | CVE-2019-0569 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-0536 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-0554 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-0549 | Windows Kernel Information Disclosure Vulnerability |
Windows Subsystem for Linux | CVE-2019-0553 | Windows Subsystem for Linux Information Disclosure Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0538 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2018-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0538 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0538 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com Honggang Ren of Fortinet's FortiGuard Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0536 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0536 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Information Disclosure | 4471320 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0536 | Ruibo Liu of Baidu XLab Tianya Team http://xlab.baidu.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0585 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. FAQ: I have Microsoft Word 2010 installed. Why am I not being offered the 4461617 update? The 4461617 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0585 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4461617 (Security Update) | Important | Remote Code Execution | 4461524 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4461617 (Security Update) | Important | Remote Code Execution | 4461524 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Online Server | 4461633 (Security Update) | Important | Remote Code Execution | 4011027 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Web Apps Server 2010 Service Pack 2 | 4461620 (Security Update) | Important | Remote Code Execution | 2965312 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Word Viewer | 4461635 (Security Update) | Important | Remote Code Execution | 4092434 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4461589 (Security Update) | Important | Remote Code Execution | 4022234 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 4461598 (Security Update) | Important | Remote Code Execution | 4461541 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2019 | 4461634 (Security Update) | Important | Remote Code Execution | 4461548 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4461625 (Security Update) | Important | Remote Code Execution | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4461625 (Security Update) | Important | Remote Code Execution | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4461594 (Security Update) | Important | Remote Code Execution | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4461594 (Security Update) | Important | Remote Code Execution | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4461594 (Security Update) | Important | Remote Code Execution | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4461543 (Security Update) | Important | Remote Code Execution | 4461504 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4461543 (Security Update) | Important | Remote Code Execution | 4461504 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 | 4461612 (Security Update) | Important | Remote Code Execution | 4461520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0585 | Jaanus Kp, Clarified Security working with Trend Micro's Zero Day Initiative http://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | |||||||||||||||||||||||||||||||||
ADV990001 MITRE NVD |
CVE Title: Latest Servicing Stack Updates
Description: This is a list of the latest servicing stack updates for each operating sytem. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. FAQ: 1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update. 2. When was the most recent SSU released for each version of Microsoft Windows? Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:
Mitigations: None Workarounds: None Revision: 4.0 2019-01-08T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information. 3.0 2018-12-11T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 1.1 2018-11-14T08:00:00 Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only. 3.2 2018-12-12T08:00:00 Fixed a typo in the FAQ. 3.1 2018-12-11T08:00:00 Updated supersedence information. This is an informational change only. 2.0 2018-12-05T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 2.0 2018-12-05T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 1.2 2018-12-03T08:00:00 FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only. 1.0 2018-11-13T08:00:00 Information published. |
Critical | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV990001 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093430 (Servicing Stack Update) | Critical | Defense in Depth | 4021701 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 for x64-based Systems | 4093430 (Servicing Stack Update) | Critical | Defense in Depth | 4021701 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4465659 (Servicing Stack Update) | Critical | Defense in Depth | 4132216 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4465659 (Servicing Stack Update) | Critical | Defense in Depth | 4132216 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4486458 (Servicing Stack Update) | Critical | Defense in Depth | 4465660 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4486458 (Servicing Stack Update) | Critical | Defense in Depth | 4465660 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4477136 (Servicing Stack Update) | Critical | Defense in Depth | 4465661 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4477136 (Servicing Stack Update) | Critical | Defense in Depth | 4465661 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4477136 (Servicing Stack Update) | Critical | Defense in Depth | 4465661 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4477137 (Servicing Stack Update) | Critical | Defense in Depth | 4465663 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4477137 (Servicing Stack Update) | Critical | Defense in Depth | 4465663 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4477137 (Servicing Stack Update) | Critical | Defense in Depth | 4465663 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4470788 (Servicing Stack Update) | Critical | Defense in Depth | 4465664 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4470788 (Servicing Stack Update) | Critical | Defense in Depth | 4465664 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4470788 (Servicing Stack Update) | Critical | Defense in Depth | 4465664 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 3177467 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 3177467 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for 32-bit systems | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for x64-based systems | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 955430 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 955430 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 955430 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 955430 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 955430 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 3177467 (Service Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 3177467 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 3177467 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 | 3173426 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 (Server Core installation) | 3173426 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 (Server Core installation) | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 | 4465659 (Servicing Stack Update) | Critical | Defense in Depth | 4132216 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 (Server Core installation) | 4465659 (Servicing Stack Update) | Critical | Defense in Depth | 4132216 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 4470788 (Servicing Stack Update) | Critical | Defense in Depth | 4465664 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 4470788 (Servicing Stack Update) | Critical | Defense in Depth | 4465664 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4477136 (Servicing Stack Update) | Critical | Defense in Depth | 4465661 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4477137 (Servicing Stack Update) | Critical | Defense in Depth | 4465663 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
ADV990001 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0541 MITRE NVD |
CVE Title: MSHTML Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0541 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4480975 (Monthly Rollup) 4480965 (IE Cumulative) |
Low | Remote Code Execution | 4471330 4483187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4480970 (Monthly Rollup) 4480965 (IE Cumulative) |
Important | Remote Code Execution | 4471318 4483187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4480965 (IE Cumulative) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4483187 4471318 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4480963 (Monthly Rollup) 4480965 (IE Cumulative) |
Important | Remote Code Execution | 4471320 4483187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480965 (IE Cumulative) |
Important | Remote Code Execution | 4471320 4483187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480965 (IE Cumulative) 4480970 (Monthly Rollup) |
Low | Remote Code Execution | 4483187 4471318 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480965 (IE Cumulative) |
Low | Remote Code Execution | 4471320 4483187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4480961 (Security Update) | Low | Remote Code Execution | 4471321 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4480116 (Security Update) | Low | Remote Code Execution | 4483235 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480965 (IE Cumulative) 4480968 (Monthly Rollup) |
Low | Remote Code Execution | 4483187 4471325 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4480965 (IE Cumulative) 4480968 (Monthly Rollup) |
Low | Remote Code Execution | 4483187 4471325 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Microsoft Excel Viewer 2007 Service Pack 3 | 2596760 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 2553332 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 2553332 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 3172522 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 3172522 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 3172522 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4022162 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4022162 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Word Viewer | 4462112 (Security Update) | Important | Remote Code Execution | 4092433 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-0541 | eprado working with iDefense Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0545 MITRE NVD |
CVE Title: .NET Framework Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is search criteria. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0545 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET Core 2.1 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
.NET Core 2.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4480084 (Security Only) 4480062 (Monthly Rollup) |
Important | Information Disclosure | 4471990 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4480086 (Security Only) 4480064 (Monthly Rollup) |
Important | Information Disclosure | 4467226; 4471983 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4480086 (Security Only) 4480064 (Monthly Rollup) |
Important | Information Disclosure | 4467226; 4471983 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 4480083 (Security Only) 4480061 (Monthly Rollup) |
Important | Information Disclosure | 4471988, 3142025 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4480083 (Security Only) 4480061 (Monthly Rollup) |
Important | Information Disclosure | 4471988, 3142025 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4480086 (Security Only) 4480064 (Monthly Rollup) |
Important | Information Disclosure | 4467226; 4471983 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4480086 (Security Only) 4480064 (Monthly Rollup) |
Important | Information Disclosure | 4467226; 4471983 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows Server 2019 | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 4480085 (Security Only) 4480063 (Monthly Rollup) |
Important | Information Disclosure | 4471987, 3142024 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 4480085 (Security Only) 4480063 (Monthly Rollup) |
Important | Information Disclosure | 4471987, 3142024 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480085 (Security Only) 4480063 (Monthly Rollup) |
Important | Information Disclosure | 4471987, 3142024 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480085 (Security Only) 4480063 (Monthly Rollup) |
Important | Information Disclosure | 4471987, 3142024 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480085 (Security Only) 4480063 (Monthly Rollup) |
Important | Information Disclosure | 4471987, 3142024 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 | 4480059 (Monthly Rollup) 4480076 (Security Only) |
Important | Information Disclosure | 4471987, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 | 4480059 (Monthly Rollup) 4480076 (Security Only) |
Important | Information Disclosure | 4471987, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 4480074 (Security Only) 4480057 (Monthly Rollup) |
Important | Information Disclosure | 4461989, 3142030, 2978041 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 4480074 (Security Only) 4480057 (Monthly Rollup) |
Important | Information Disclosure | 4461989, 3142030, 2978041 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 4480057 (Monthly Rollup) | Important | Information Disclosure | 4461989, 3142030, 2978041 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480076 (Security Only) 4480059 (Monthly Rollup) |
Important | Information Disclosure | 4461990, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4480076 (Security Only) 4480059 (Monthly Rollup) |
Important | Information Disclosure | 4461990, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480059 (Monthly Rollup) 4480076 (Security Only) |
Important | Information Disclosure | 4471987, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480059 (Monthly Rollup) 4480076 (Security Only) |
Important | Information Disclosure | 4471987, 3142033, 2972107 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 4480075 (Security Only) 4480058 (Monthly Rollup) |
Important | Information Disclosure | 4461988, 3142032, 2978042 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 4480075 (Security Only) 4480058 (Monthly Rollup) |
Important | Information Disclosure | 4461988, 3142032, 2978042 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 4480074 (Security Only) 4480057 (Monthly Rollup) |
Important | Information Disclosure | 4461989, 3142030, 2978041 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 4480074 (Security Only) 4480057 (Monthly Rollup) |
Important | Information Disclosure | 4461989, 3142030, 2978041 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480072 (Security Only) 4480055 (Monthly Rollup) |
Important | Information Disclosure | 4471990, 3142037 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4480072 (Security Only) 4480055 (Monthly Rollup) |
Important | Information Disclosure | 4471990, 3142037 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 | 4480055 (Monthly Rollup) 4480072 (Security Only) |
Important | Information Disclosure | 4471987, 3142037
|
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 | 4480055 (Monthly Rollup) 4480072 (Security Only) |
Important | Information Disclosure | 4471987, 3142037
|
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 4480071 (Security Only) 4480054 (Monthly Rollup) |
Important | Information Disclosure | 4471989 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 4480071 (Security Only) 4480054 (Monthly Rollup) |
Important | Information Disclosure | 4471989 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 4480054 (Monthly Rollup) | Important | Information Disclosure | 4471989 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480055 (Monthly Rollup) 4480072 (Security Only) |
Important | Information Disclosure | 4471987, 3142037
|
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480055 (Monthly Rollup) 4480072 (Security Only) |
Important | Information Disclosure | 4471987, 3142037
|
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 4480070 (Security Only) 4480051 (Monthly Rollup) |
Important | Information Disclosure | 4471988 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 4480070 (Security Only) 4480051 (Monthly Rollup) |
Important | Information Disclosure | 4471988 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 4480071 (Security Only) 4480054 (Monthly Rollup) |
Important | Information Disclosure | 4471989 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 4480071 (Security Only) 4480054 (Monthly Rollup) |
Important | Information Disclosure | 4471989 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows Server 2019 | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) | 4480056 (Monthly Rollup) | Important | Information Disclosure | 4470502 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0545 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0537 MITRE NVD |
CVE Title: Microsoft Visual Studio Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An attacker who took advantage of this information disclosure could view arbitrary file contents from the computer where the victim launched Visual Studio. To take advantage of the vulnerability, an attacker would need to trick a user into opening a malicious .vscontent file using a vulnerable version of Visual Studio. An attacker would have no way to force a developer to produce this information disclosure. The security update addresses the vulnerability by correcting how Visual Studio loads .vscontent files. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0537 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2010 Service Pack 1 | 4476698 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2012 Update 5 | 4476755 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0537 | god of 9sg Security Team working with Trend Micro's Zero Day Initiative
https://9sgsec.com,http://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0539 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0539 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Edge on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Critical | Remote Code Execution | 4483228 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4480962 (Security Update) | Critical | Remote Code Execution | 4483228 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4471321 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4480961 (Security Update) | Moderate | Remote Code Execution | 4471321 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2019 | 4480116 (Security Update) | Moderate | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0539 | Lokihardt of Google Project Zero https://www.google.com Zhenhuan Li(@zenhumany) of Tencent Zhanlu Lab http://www.tencent.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0546 MITRE NVD |
CVE Title: Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file which was compiled with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file. The security update addresses the vulnerability by correcting how the Visual Studio C++ compiler handles certain C++ constructs. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0546 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.9 | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0546 | Simon Zuckerbraun of Trend Micro Zero Day Initiative http://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0543 MITRE NVD |
CVE Title: Microsoft Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0543 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Elevation of Privilege | 4471318 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Elevation of Privilege | 4471318 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Elevation of Privilege | 4471320 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Elevation of Privilege | 4471325 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Elevation of Privilege | 4471325 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Elevation of Privilege | 4471325 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Elevation of Privilege | 4471325 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Elevation of Privilege | 4471325 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Elevation of Privilege | 4471318 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Elevation of Privilege | 4471318 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Elevation of Privilege | 4471318 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0543 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0547 MITRE NVD |
CVE Title: Windows DHCP Client Remote Code Execution Vulnerability
Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0547 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 9.80 Temporal: 8.80 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 9.80 Temporal: 8.80 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 9.80 Temporal: 8.80 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 9.80 Temporal: 8.80 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0547 | Mitch Adair, Microsoft Windows Enterprise Security Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0548 MITRE NVD |
CVE Title: ASP.NET Core Denial of Service Vulnerability
Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0548 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ASP.NET Core 2.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
ASP.NET Core 2.2 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0548 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0549 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0549 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Information Disclosure | 4471320 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0549 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0550 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0550 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0550 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0551 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0551 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4471321 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Critical | Remote Code Execution | 4471321 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Critical | Remote Code Execution | 4471321 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0551 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0552 MITRE NVD |
CVE Title: Windows COM Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how Windows COM Desktop Broker processes interface requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0552 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Elevation of Privilege | 4471320 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0552 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0553 MITRE NVD |
CVE Title: Windows Subsystem for Linux Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. A attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0553 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0553 | Anthony LAOU HINE TSUEI https://twitter.com/anarcheuz |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0554 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0554 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Information Disclosure | 4471320 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0554 | Ruibo Liu of Baidu XLab Tianya Team http://xlab.baidu.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0555 MITRE NVD |
CVE Title: Microsoft XmlDocument Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0555 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Elevation of Privilege | 4471320 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0555 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0556 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0556 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4461596 (Security Update) | Important | Spoofing | 4461558 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0556 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0557 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0557 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 4461598 (Security Update) | Important | Spoofing | 4461541 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0557 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0558 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0558 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Business Productivity Servers 2010 Service Pack 2 | 4461624 (Security Update) | Important | Spoofing | 4461465 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4461591 (Security Update) | Important | Spoofing | 4461549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 4461598 (Security Update) | Important | Spoofing | 4461541 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2019 | 4461634 (Security Update) | Important | Spoofing | 4461548 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0558 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0559 MITRE NVD |
CVE Title: Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim. The update addresses the vulnerability by correcting the way Microsoft Outlook handles these types of messages. FAQ: What type of information could be disclosed by this vulnerability? A victim could automatically download external content, which could disclose information to an attacker. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0559 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | 4461623 (Security Update) | Important | Information Disclosure | 4461576 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | 4461623 (Security Update) | Important | Information Disclosure | 4461576 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2013 RT Service Pack 1 | 4461595 (Security Update) | Important | Information Disclosure | 4461556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | 4461595 (Security Update) | Important | Information Disclosure | 4461556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | 4461595 (Security Update) | Important | Information Disclosure | 4461556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2016 (32-bit edition) | 4461601 (Security Update) | Important | Information Disclosure | 4461544 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Outlook 2016 (64-bit edition) | 4461601 (Security Update) | Important | Information Disclosure | 4461544 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-0559 | Rick Roane |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0560 MITRE NVD |
CVE Title: Microsoft Office Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0560 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4461614 (Security Update) | Important | Information Disclosure | 4092483 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4461614 (Security Update) | Important | Information Disclosure | 4092483 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4461537 (Security Update) | Important | Information Disclosure | 4461445 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4461537 (Security Update) | Important | Information Disclosure | 4461445 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4461537 (Security Update) | Important | Information Disclosure | 4461445 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4461535 (Security Update) | Important | Information Disclosure | 4461437 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4461535 (Security Update) | Important | Information Disclosure | 4461437 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-0560 | Tal Dery and Menahem Breuer of Mimecast Research Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0561 MITRE NVD |
CVE Title: Microsoft Word Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker who successfully exploited this vulnerability could read arbitrary files from a targeted system. To exploit the vulnerability, an attacker could craft a special document file and convince the user to open it. An attacker must know the file location whose data they wish to exfiltrate. The update addresses the vulnerability by changing the way certain Word functions handle security warnings FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0561 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4461617 (Security Update) | Important | Information Disclosure | 4461524 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4461617 (Security Update) | Important | Information Disclosure | 4461524 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Web Apps Server 2010 Service Pack 2 | 4461620 (Security Update) | Important | Information Disclosure | 2965312 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4461625 (Security Update) | Important | Information Disclosure | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4461625 (Security Update) | Important | Information Disclosure | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4461594 (Security Update) | Important | Information Disclosure | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4461594 (Security Update) | Important | Information Disclosure | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4461594 (Security Update) | Important | Information Disclosure | 4461485 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4461543 (Security Update) | Important | Information Disclosure | 4461504 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4461543 (Security Update) | Important | Information Disclosure | 4461504 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 | 4461612 (Security Update) | Important | Information Disclosure | 4461520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0561 | Pieter Ceelen & Stan Hegt, Outflank https://twitter.com/ptrpieter,https://twitter.com/stanhacked,https://www.outflank.nl |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0562 MITRE NVD |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0562 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4461591 (Security Update) | Important | Elevation of Privilege | 4461549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 4461598 (Security Update) | Important | Elevation of Privilege | 4461541 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2019 | 4461634 (Security Update) | Important | Elevation of Privilege | 4461548 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0562 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV190001 MITRE NVD |
CVE Title: January 2019 Adobe Flash Update
Description: This update does not address any security vulnerabilities. For more information, please see APSB19-01. Note: Please disregard mentions of security or vulnerability in this advisory. These are hardcoded titles that we were unable to change for this non-security Adobe Flash update. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV190001 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Adobe Flash Player on Windows 10 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1709 for ARM64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1803 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1803 for ARM64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1803 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1809 for 32-bit Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1809 for ARM64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1809 for x64-based Systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 8.1 for 32-bit systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 8.1 for x64-based systems | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows RT 8.1 | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2012 | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2012 R2 | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2016 | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2019 | 4480979 (Update) | Unknown | Unknown | 4471331 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
ADV190001 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0564 MITRE NVD |
CVE Title: ASP.NET Core Denial of Service Vulnerability
Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0564 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ASP.NET Core 2.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0564 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0565 MITRE NVD |
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0565 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2019 | 4480116 (Security Update) | Moderate | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0565 | Jihui Lu of Tencent KeenLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0566 MITRE NVD |
CVE Title: Microsoft Edge Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker who successfully exploited the vulnerability could use the Browser Broker COM object to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0566 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4480961 (Security Update) | Low | Elevation of Privilege | 4471321 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2019 | 4480116 (Security Update) | Low | Elevation of Privilege | 4483235 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0566 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0567 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0567 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Edge on Windows 10 for 32-bit Systems | 4480962 (Security Update) | Critical | Remote Code Execution | 4483228 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4480962 (Security Update) | Critical | Remote Code Execution | 4483228 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Critical | Remote Code Execution | 4471321 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Critical | Remote Code Execution | 4483229 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Critical | Remote Code Execution | 4483232 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4480961 (Security Update) | Moderate | Remote Code Execution | 4471321 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2019 | 4480116 (Security Update) | Moderate | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0567 | Zhenhuan Li(@zenhumany) of Tencent Zhanlu Lab http://www.tencent.com/ Qixun Zhao of Qihoo 360 Vulcan Team​ https://twitter.com/S0rryMybad,http://www.360.com/ MoonLiang of Tencent Security Xuanwu Lab https://xlab.tencent.com/ Lokihardt of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0568 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0568 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Critical | Remote Code Execution | 4483234 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Critical | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2019 | 4480116 (Security Update) | Moderate | Remote Code Execution | 4483235 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0568 | Lokihardt of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0569 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0569 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Information Disclosure | 4483228 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Information Disclosure | 4483229 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Information Disclosure | 4483229 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Information Disclosure | 4471320 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Information Disclosure | 4471320 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Information Disclosure | 4471325 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Information Disclosure | 4471318 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Information Disclosure | 4471330 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Information Disclosure | 4471320 |
Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Information Disclosure | 4471321 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Information Disclosure | 4483235 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Information Disclosure | 4483232 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Information Disclosure | 4483234 | Base: 5.50 Temporal: 5.50 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0569 | ZiMi and JunGu of Alibaba Orion Security Lab https://twitter.com/YHZX_2013,https://twitter.com/Bl1nnnk |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0570 MITRE NVD |
CVE Title: Windows Runtime Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0570 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Elevation of Privilege | 4471320 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Elevation of Privilege | 4471330 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Elevation of Privilege | 4471320 |
Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0570 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0571 MITRE NVD |
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0571 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0571 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0572 MITRE NVD |
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0572 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0572 | James Forshaw of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0573 MITRE NVD |
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0573 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0573 | James Forshaw of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0574 MITRE NVD |
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0574 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Elevation of Privilege | 4483228 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Elevation of Privilege | 4483229 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Elevation of Privilege | 4471321 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Elevation of Privilege | 4483235 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Elevation of Privilege | 4483232 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Elevation of Privilege | 4483234 | Base: 7.80 Temporal: 7.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0574 | James Forshaw of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0575 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0575 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0575 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0576 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0576 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0576 | Steven Seeley (mr_me) of Source Incite https://srcincite.io/ Hardik Shah of McAfee https://twitter.com/hardik05 Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0577 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0577 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0577 | Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com Steven Seeley (mr_me) of Source Incite https://srcincite.io/ Anonymous working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0578 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0578 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0578 | Steven Seeley (mr_me) of Source Incite https://srcincite.io/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0579 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0579 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0579 | Mitja Kolsek of 0patch Team - ACROS Security https://0patch.com/ Behzad Najjarpour Jabbari, Secunia Research at Flexera https://www.flexera.com/company/secunia-research/ Gal De Leon and Bar Lahav of Palo Alto Networks https://www.paloaltonetworks.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0580 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0580 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0580 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0581 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0581 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0581 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0582 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0582 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0582 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0583 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0583 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0583 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0584 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0584 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4480962 (Security Update) | Important | Remote Code Execution | 4483228 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4480973 (Security Update) | Important | Remote Code Execution | 4483229 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4480964 (Security Only) 4480963 (Monthly Rollup) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4480963 (Monthly Rollup) | Important | Remote Code Execution | 4471320 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4480957 (Security Only) 4480968 (Monthly Rollup) |
Important | Remote Code Execution | 4471325 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4480960 (Security Only) 4480970 (Monthly Rollup) |
Important | Remote Code Execution | 4471318 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4480972 (Security Only) 4480975 (Monthly Rollup) |
Important | Remote Code Execution | 4471330 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4480963 (Monthly Rollup) 4480964 (Security Only) |
Important | Remote Code Execution | 4471320 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4480961 (Security Update) | Important | Remote Code Execution | 4471321 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4480116 (Security Update) | Important | Remote Code Execution | 4483235 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4480978 (Security Update) | Important | Remote Code Execution | 4483232 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4480966 (Security Update) | Important | Remote Code Execution | 4483234 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-0584 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ Bar Lahav and Gal De Leon of Palo Alto Networks https://www.paloaltonetworks.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0586 MITRE NVD |
CVE Title: Microsoft Exchange Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server. The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2016-01-08T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0586 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2016 Cumulative Update 10 | 4471389 (Security Update) | Important | Remote Code Execution | 4468741 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2016 Cumulative Update 11 | 4471389 (Security Update) | Important | Remote Code Execution | 4468741 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2019 | 4471389 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0586 | Nicolas Joly of Microsoft Corporation https://twitter.com/n_joly |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0588 MITRE NVD |
CVE Title: Microsoft Exchange Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view additional details about the calendar that would normally be hidden. The security update addresses the vulnerability by modifying how the Exchange PowerShell API grants permissions to contributors. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is miscellaneous details from calendar entries such as the subject of a meeting, which would otherwise not be disclosed. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0588 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 25 | 4468742 (Security Update) | Important | Information Disclosure | 4458321 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2013 Cumulative Update 21 | 4471389 (Security Update) | Important | Information Disclosure | 4459266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2016 Cumulative Update 10 | 4471389 (Security Update) | Important | Information Disclosure | 4468741 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2016 Cumulative Update 11 | 4471389 (Security Update) | Important | Information Disclosure | 4468741 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Exchange Server 2019 | 4471389 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-0588 | Cameron Vincent https://twitter.com/secretlyhidden1 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-0622 MITRE NVD |
CVE Title: Skype for Android Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests. An attacker who successfully exploited this vulnerability could bypass Android's lockscreen and access a victim's personal information. To exploit the vulnerability, an attacker would need have physical access to the phone. The security update addresses the vulnerability by correcting how Skype for Android handles authentication requests. FAQ: How do I get the update for Skype for Android?
Does the vulnerability exist in Skype for Business or the consumer version of Skype? This vulnerability only affects the consumer version of Skype. Mitigations: None Workarounds: None Revision: 1.0 2019-01-08T08:00:00 Information published. |
Moderate | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-0622 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Skype 8.35 when installed on Android Devices | Moderate | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
CVE ID | Acknowledgements |
CVE-2019-0622 | Florian Kunushevci https://www.linkedin.com/in/floriankunushevci/ |