This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV190015 | June 2019 Adobe Flash Security Update |
| Kerberos | CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability |
| Microsoft Browsers | CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability |
| Microsoft Browsers | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Devices | ADV190017 | Microsoft HoloLens Remote Code Execution Vulnerabilities |
| Microsoft Devices | ADV190016 | Bluetooth Low Energy Advisory |
| Microsoft Edge | CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Exchange Server | ADV190018 | Microsoft Exchange Server Defense in Depth Update |
| Microsoft Graphics Component | CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-1025 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2019-1029 | Skype for Business and Lync Server Denial of Service Vulnerability |
| Team Foundation Server | CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability |
| VBScript | CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability |
| Windows Authentication Methods | CVE-2019-1040 | Windows NTLM Tampering Vulnerability |
| Windows Hyper-V | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows IIS | CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability |
| Windows Installer | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
| Windows Kernel | CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media | CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows NTLM | CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability |
| Windows Shell | CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0888 MITRE NVD |
CVE Title: ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0888 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0888 | Yaniv Frank of SophosLabs https://www.sophos.com/en-us/labs.aspx |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0904 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0904 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0904 | Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0905 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0905 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0905 | Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0906 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0906 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0906 | Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0907 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0907 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0907 | Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0908 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0908 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0908 | rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0909 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0909 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0909 | Gal De Leon and Bar Lahav of Palo Alto Networks https://www.paloaltonetworks.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0941 MITRE NVD |
CVE Title: Microsoft IIS Server Denial of Service Vulnerability
Description: A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering. The update addresses the vulnerability by changing the way certain requests are processed by the filter. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0941 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Denial of Service | 4499151 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Denial of Service | 4499149 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0941 | Hoai Viet Nguyen of Data & Application Security Group of TH Köln https://das.th-koeln.de/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0943 MITRE NVD |
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0943 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0943 | James Forshaw of Google Project Zero http://www.google.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0948 MITRE NVD |
CVE Title: Windows Event Viewer Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Moderate | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0948 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Moderate | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Moderate | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Moderate | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Moderate | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Moderate | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Moderate | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Moderate | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Moderate | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Moderate | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Moderate | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Moderate | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Moderate | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Moderate | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Moderate | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Moderate | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Moderate | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Moderate | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Moderate | Information Disclosure | 4499151 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Moderate | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Moderate | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Moderate | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Moderate | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Moderate | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Moderate | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Moderate | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Moderate | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Moderate | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Moderate | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Moderate | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Moderate | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Moderate | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Moderate | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0948 | Eran Vaknin, Alon Boxiner, Oded Vanunu https://il.linkedin.com/in/eran-vaknin,https://il.linkedin.com/in/alon-boxiner-a1a713b4,https://il.linkedin.com/in/oded-vanunu-a131283 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0959 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0959 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0959 | James Forshaw of Google Project Zero http://www.google.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0972 MITRE NVD |
CVE Title: Local Security Authority Subsystem Service Denial of Service Vulnerability
Description: This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0972 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.60 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0972 | Danyal Drew of The Missing Link https://www.themissinglink.com.au/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0973 MITRE NVD |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0973 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0973 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0974 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0974 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0974 | Shih-Fong Peng (@_L4ys) of Team T5 https://twitter.com/_L4ys,https://teamt5.org |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0984 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0984 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0984 | pgboy http://weibo.com/pgboy1988 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0988 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0988 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499171 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Moderate | Remote Code Execution | 4498206 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) | Moderate | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0988 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0989 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0989 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0989 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1009 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1009 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1009 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1010 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1010 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1010 | Kamlapati Choubey of Trend Micro |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1011 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1011 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1011 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1012 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1012 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1012 | Sooraj K S (@soorajks) working with Trend Micro's Zero Day Initiative https://twitter.com/soorajks,https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1013 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1013 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1013 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1014 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1014 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1014 | Omri Herscovici of Check Point https://www.checkpoint.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1015 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1015 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1015 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1016 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1016 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1016 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1017 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1017 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1017 | pgboy of Qihoo 360 Vulcan Team https://weibo.com/pgboy1988,https://www.360.cn/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1018 MITRE NVD |
CVE Title: DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1018 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1018 | Rohit Mothe of iDefense Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1029 MITRE NVD |
CVE Title: Skype for Business and Lync Server Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. To exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time. The update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1029 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Lync Server 2010 | 4506009 (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Lync Server 2013 | 4506009 (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-1029 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1036 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1036 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Project Server 2010 Service Pack 2 | 4092442 (Security Update) | Important | Spoofing | 4022210 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4464594 (Security Update) | Important | Spoofing | 4464549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464602 (Security Update) | Important | Spoofing | 4464564 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Spoofing | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-1036 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1046 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1046 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1046 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1047 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1047 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1047 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1048 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1048 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1048 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1049 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1049 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1049 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1050 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1050 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1050 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1054 MITRE NVD |
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Edge handles MOTW tagging. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1054 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Security Feature Bypass | 4499181 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Security Feature Bypass | 4499181 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Low | Security Feature Bypass | 4494440 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Low | Security Feature Bypass | 4494441 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1054 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1055 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1055 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499171 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499164 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Moderate | Remote Code Execution | 4498206 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499151 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4503287 (Security Only) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1055 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV190018 MITRE NVD |
CVE Title: Microsoft Exchange Server Defense in Depth Update
Description: Microsoft has released an update for Microsoft Exchange Server that provides enhanced security as a defense in depth measure. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Unknown | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| ADV190018 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2010 Service Pack 3 | 4503028 (Security Update) | Unknown | Defense in Depth | 4491413 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 4503028 (Security Update) | Unknown | Defense in Depth | 4487563 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 11 | 4503027 (Security Update) | Unknown | Defense in Depth | 4487563 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4503027 (Security Update) | Unknown | Defense in Depth | 4487563 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Exchange Server 2019 | 4503027 (Security Update) | Unknown | Defense in Depth | 4487563 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4503027 (Security Update) | Unknown | Defense in Depth | 4487563 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| ADV190018 | Nicolas Joly of Microsoft Corporation https://twitter.com/n_joly |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| ADV990001 MITRE NVD |
CVE Title: Latest Servicing Stack Updates
Description: This is a list of the latest servicing stack updates for each operating sytem. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. FAQ: 1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update. 2. When was the most recent SSU released for each version of Microsoft Windows? Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:
Mitigations: None Workarounds: None Revision: 5.0 2019-02-12T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 3.2 2018-12-12T08:00:00 Fixed a typo in the FAQ. 5.2 2019-02-14T08:00:00 In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an informational change only. 3.1 2018-12-11T08:00:00 Updated supersedence information. This is an informational change only. 5.1 2019-02-13T08:00:00 In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an informational change only. 1.2 2018-12-03T08:00:00 FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only. 9.0 2019-06-11T07:00:00 A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server 2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more information. 1.1 2018-11-14T08:00:00 Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only. 7.0 2019-04-09T07:00:00 A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows Server 2019 (Server Core installation). See the FAQ section for more information. 8.0 2019-05-14T07:00:00 A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for more information. 3.0 2018-12-11T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 2.0 2018-12-05T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 1.0 2018-11-13T08:00:00 Information published. 4.0 2019-01-08T08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information. 6.0 2019-03-12T07:00:00 A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information. |
Critical | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| ADV990001 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4498353 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4498353 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503537 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503537 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4500640 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4500640 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4500641 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4500641 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4500641 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4497398 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4497398 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4497398 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4504369 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4504369 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4504369 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4500109 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4500109 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4500109 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4490628 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4490628 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4493730 (Servicing Stack Update) | Critical | Defense in Depth | 955430 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4493730 (Servicing Stack Update) | Critical | Defense in Depth | 955430 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4493730 (Servicing Stack Update) | Critical | Defense in Depth | 955430 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4493730 (Servicing Stack Update) | Critical | Defense in Depth | 955430 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4493730 (Servicing Stack Update) | Critical | Defense in Depth | 955430 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4490628 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4490628 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4490628 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 3173426 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 3173426 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 3173424 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4503537 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4503537 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4504369 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4504369 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4497398 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4500109 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| ADV990001 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0620 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0620 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0620 | HongZhenhao of IceSword Lab, Qihoo 360 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0709 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0709 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.60 Temporal: 6.80 Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0709 | Joe Bialek (@JosephBialek), MSRC Vulnerabilities and Mitigations Team https://twitter.com/JosephBialek |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0710 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0710 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0710 | Joe Bialek (@JosephBialek), MSRC Vulnerabilities and Mitigations Team https://twitter.com/JosephBialek |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0711 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0711 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0711 | Joe Bialek (@JosephBialek), MSRC Vulnerabilities and Mitigations Team https://twitter.com/JosephBialek |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0713 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0713 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Denial of Service | 4499149 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.80 Temporal: 6.10 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0713 | Hyper-V Development Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0722 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0722 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Critical | Remote Code Execution | 4499149 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Critical | Remote Code Execution | 4499171 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Critical | Remote Code Execution | 4499151 |
Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 8.80 Temporal: 7.90 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0722 | Joe Bialek (@JosephBialek), MSRC Vulnerabilities and Mitigations Team
Anonymous finder https://twitter.com/JosephBialek |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0920 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0920 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499171 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499164 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Moderate | Remote Code Execution | 4498206 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) | Moderate | Remote Code Execution | 4499151 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) | Moderate | Remote Code Execution | 4499149 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0920 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0960 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0960 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0960 | Yanmin Ji from Skylar Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0968 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0968 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0968 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0977 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0977 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0977 | kdot working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0983 MITRE NVD |
CVE Title: Windows Storage Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Services handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0983 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0983 | k0shl of Qihoo 360 Vulcan Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0985 MITRE NVD |
CVE Title: Microsoft Speech API Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update address the vulnerability by modifying how the system handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0985 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Critical | Remote Code Execution | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0985 | Ke Liu of Tencent Security Xuanwu Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0986 MITRE NVD |
CVE Title: Windows User Profile Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0986 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0986 | Chris Danieli https://www.linkedin.com/in/chrisdanieli |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0990 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0990 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Information Disclosure | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Information Disclosure | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Information Disclosure | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Information Disclosure | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0990 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ MoonLiang of Tencent Security Xuanwu Lab https://xlab.tencent.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0991 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0991 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0991 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0992 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0992 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0992 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0993 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0993 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-0993 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0996 MITRE NVD |
CVE Title: Azure DevOps Server Spoofing Vulnerability
Description: A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page. The update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0996 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure DevOps Server 2019 | Release Notes (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-0996 | Terry Zhang (@pnig0s) of Tophant https://twitter.com/pnig0s |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-0998 MITRE NVD |
CVE Title: Windows Storage Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Services handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-0998 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-0998 | k0shl of Qihoo 360 Vulcan Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1002 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1002 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1002 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1003 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1003 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1003 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ Liu Long of Qihoo 360 Vulcan Team MoonLiang of Tencent Security Xuanwu Lab https://xlab.tencent.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1005 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1005 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Remote Code Execution | 4499171 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Remote Code Execution | 4499164 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Low | Remote Code Execution | 4498206 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) | Low | Remote Code Execution | 4499151 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Low | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Low | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1005 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1007 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1007 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1007 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ pgboy of Qihoo 360 Vulcan Team https://weibo.com/pgboy1988,https://www.360.cn/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1019 MITRE NVD |
CVE Title: Microsoft Windows Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1019 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Security Feature Bypass | 4499154 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Security Feature Bypass | 4499154 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Security Feature Bypass | 4499181 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Security Feature Bypass | 4499181 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Security Feature Bypass | 4499179 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Security Feature Bypass | 4499164 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Security Feature Bypass | 4499164 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Security Feature Bypass | 4499151 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Security Feature Bypass | 4499151 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Security Feature Bypass | 4499151 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Security Feature Bypass | 4499149 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Security Feature Bypass | 4499149 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Security Feature Bypass | 4499149 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Security Feature Bypass | 4499149 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Security Feature Bypass | 4499149 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Security Feature Bypass | 4499164 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Security Feature Bypass | 4499164 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Security Feature Bypass | 4499164 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Security Feature Bypass | 4499171 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Security Feature Bypass | 4499171 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Security Feature Bypass | 4499151 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Security Feature Bypass | 4499151 |
Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Security Feature Bypass | 4494440 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Security Feature Bypass | 4499167 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Security Feature Bypass | 4497936 | Base: 8.50 Temporal: 7.60 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1019 | Sergei Glazunov of Google Project Zero https://www.preempt.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1021 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1021 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1021 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1022 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1022 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1022 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1023 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1023 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Information Disclosure | None | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Information Disclosure | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Information Disclosure | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Information Disclosure | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Information Disclosure | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Information Disclosure | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Information Disclosure | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Information Disclosure | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Information Disclosure | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Information Disclosure | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1023 | lowkey lin of r3kapig |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1024 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1024 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1024 | exp-sky (Kai Song) of Tencent Security Xuanwu Lab https://xlab.tencent.com/ MoonLiang of Tencent Security Xuanwu Lab https://xlab.tencent.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1025 MITRE NVD |
CVE Title: Windows Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1025 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Denial of Service | 4499154 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Denial of Service | 4499181 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Denial of Service | 4499179 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Denial of Service | 4499151 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Denial of Service | 4499149 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Denial of Service | 4499164 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Denial of Service | 4499171 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Denial of Service | 4499151 |
Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Denial of Service | 4494440 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Denial of Service | 4494441 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Denial of Service | 4499167 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Denial of Service | 4497936 | Base: 6.50 Temporal: 5.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1025 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1026 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1026 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1026 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1027 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1027 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1027 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1028 MITRE NVD |
CVE Title: Windows Audio Service Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1028 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1028 | zhong_sf of Qihoo 360 Vulcan Team http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1031 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1031 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4464594 (Security Update) | Important | Spoofing | 4464549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4464571 (Security Update) | Important | Spoofing | 4464525 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464597 (Security Update) | Important | Spoofing | 4464511 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Spoofing | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-1031 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1032 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1032 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4464594 (Security Update) | Important | Spoofing | 4464549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Spoofing | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-1032 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1033 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1033 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Project Server 2010 Service Pack 2 | 4092442 (Security Update) | Important | Spoofing | 4022210 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4464594 (Security Update) | Important | Spoofing | 4464549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4464602 (Security Update) | Important | Spoofing | 4464564 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Spoofing | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2019-1033 | Ashar Javed of Hyundai AutoEver Europe GmbH https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1034 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1034 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4462178 (Security Update) | Important | Remote Code Execution | 4461617 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4462178 (Security Update) | Important | Remote Code Execution | 4461617 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office Online Server | 4475511 (Security Update) | Important | Remote Code Execution | 4462169 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office Web Apps 2010 Service Pack 2 | 4461621 (Security Update) | Important | Remote Code Execution | 4461527 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4464602 (Security Update) | Important | Remote Code Execution | 4464564 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4464594 (Security Update) | Important | Remote Code Execution | 4464549 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4461611 (Security Update) | Important | Remote Code Execution | 4461520 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Remote Code Execution | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4461619 (Security Update) | Important | Remote Code Execution | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4461619 (Security Update) | Important | Remote Code Execution | 4461526 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4464590 (Security Update) | Important | Remote Code Execution | 4461594 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4464590 (Security Update) | Important | Remote Code Execution | 4461594 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4464590 (Security Update) | Important | Remote Code Execution | 4461594 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (32-bit edition) | 4464596 (Security Update) | Important | Remote Code Execution | 4464536 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (64-bit edition) | 4464596 (Security Update) | Important | Remote Code Execution | 4464536 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1034 | Anonymous working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1035 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1035 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office Online Server | 4475511 (Security Update) | Important | Remote Code Execution | 4462169 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4475512 (Security Update) | Important | Remote Code Execution | 4464556 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1035 | L4Nce working with Trend Micro's Zero Day Initiative https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV190015 MITRE NVD |
CVE Title: June 2019 Adobe Flash Security Update
Description: This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB19-30: CVE-2019-7845. Please note that in the event of any discrepancies. the definitive source of information (for example, vulnerability severity and impact) is the Adobe Flash bulletin as referenced. FAQ: How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8. Mitigations: Workarounds: Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. Prevent Adobe Flash Player from running You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in the registry, perform the following steps:
Note You must restart Internet Explorer for your changes to take effect. Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer. How to undo the workaround. Delete the registry keys that were added in implementing this workaround. Prevent Adobe Flash Player from running in Internet Explorer through Group Policy Note The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites: Group Policy Overview What is Group Policy Object Editor? Core Group Policy tools and settings To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps: Note This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.
To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:
To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:
To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:
To raise the browsing security level in Internet Explorer, perform the following steps:
You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:
To do this, perform the following steps:
Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| ADV190015 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Adobe Flash Player on Windows 10 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1709 for ARM64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1803 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1803 for ARM64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1803 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1809 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1809 for ARM64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1809 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1903 for 32-bit Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1903 for ARM64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 10 Version 1903 for x64-based Systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 8.1 for 32-bit systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows 8.1 for x64-based systems | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows RT 8.1 | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows Server 2012 | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows Server 2012 R2 | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows Server 2016 | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Adobe Flash Player on Windows Server 2019 | 4503308 (Security Update) | Critical | Remote Code Execution | 4497932 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| ADV190015 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV190016 MITRE NVD |
CVE Title: Bluetooth Low Energy Advisory
Description: Executive Summary Microsoft is aware of an issue that affects the Bluetooth Low Energy (BLE) version of FIDO Security Keys. Due to a misconfiguration in the Bluetooth pairing protocols, it is possible for an attacker who is physically close to a user at the moment he/she uses the security key to communicate with the security key, or communicate with the device to which the key is paired. Google has issued CVE-2019-2102 for this vulnerability. To address this issue, Microsoft has blocked the pairing of these Bluetooth Low Energy (BLE) keys with the pairing misconfiguration. Recommended Actions
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| ADV190016 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
No |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| ADV190016 | Erik Peterson of Microsoft Corp. Matt Beaver of Microsoft Corp. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV190017 MITRE NVD |
CVE Title: Microsoft HoloLens Remote Code Execution Vulnerabilities
Description: Executive Summary Microsoft is aware of vulnerabilities that affect the Broadcom wireless chipset included in the Microsoft HoloLens device. The vulnerabilities could allow an unauthenticated attacker in physical proximity to cause a denial of service condition or execute code on a target system. The vulnerabilities were issued CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. To address this issue, Microsoft has included the updated Broadcom firmware in the latest HoloLens update. Recommended Actions Microsoft recommends that customers install the June security update for HoloLens. See the Security Updates table for the link to the update and more information. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| ADV190017 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for HoloLens | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| ADV190017 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1038 MITRE NVD |
CVE Title: Microsoft Browser Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1038 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499171 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499164 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Moderate | Remote Code Execution | 4498206 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) | Moderate | Remote Code Execution | 4499151 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1038 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1039 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1039 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Information Disclosure | 4499151 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Information Disclosure | 4499149 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Information Disclosure | 4499164 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Information Disclosure | 4499171 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Information Disclosure | 4499151 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1039 | JunGu and ZiMi of Alibaba Orion Security Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1040 MITRE NVD |
CVE Title: Windows NTLM Tampering Vulnerability
Description: A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1040 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Tampering | 4499154 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Tampering | 4499154 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Tampering | 4494440 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Tampering | 4494440 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Tampering | 4499181 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Tampering | 4499181 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Tampering | 4499179 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Tampering | 4499179 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Tampering | 4499179 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Tampering | 4499167 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Tampering | 4499167 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Tampering | 4499167 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Tampering | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Tampering | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Tampering | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Tampering | 4497936 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Tampering | 4497936 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Tampering | 4497936 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Tampering | 4499164 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Tampering | 4499164 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Tampering | 4499151 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Tampering | 4499151 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Tampering | 4499151 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Tampering | 4499149 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Tampering | 4499149 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Tampering | 4499149 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Tampering | 4499149 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Tampering | 4499149 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Tampering | 4499164 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Tampering | 4499164 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Tampering | 4499164 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Tampering | 4499171 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Tampering | 4499171 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Tampering | 4499151 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Tampering | 4499151 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Tampering | 4494440 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Tampering | 4494440 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Tampering | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Tampering | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Tampering | 4499167 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Tampering | 4497936 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1040 | n1nty from A-TEAM of Legendsec at Qi'anxin Group Yang Zhang of Back2Zero team Yongtao Wang (@Sanr) of BCM Social Corp. https://twitter.com/SanR Eyal Karni, Marina Simakov and Yaron Zinar from Preempt https://www.preempt.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1041 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1041 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1041 | Fluoroacetate working with Trend Micro's Zero Day Initiative
https://twitter.com/fluoroacetate,https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1043 MITRE NVD |
CVE Title: Comctl32 Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how comctl32.dll handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1043 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Remote Code Execution | 4499154 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Remote Code Execution | 4499181 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Remote Code Execution | 4499179 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Remote Code Execution | 4499151 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Remote Code Execution | 4499151 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Remote Code Execution | 4499149 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Remote Code Execution | 4499149 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Remote Code Execution | 4499164 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Remote Code Execution | 4499171 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Remote Code Execution | 4499151 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Remote Code Execution | 4499167 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Remote Code Execution | 4497936 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1043 | @j00sean based on the previous work of @magicmac2000 https://twitter.com/j00sean,https://twitter.com/magicmac2000 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1044 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory to properly enforce VTLs. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1044 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Security Feature Bypass | 4494441 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1044 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1045 MITRE NVD |
CVE Title: Windows Network File System Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows NFS properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1045 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1045 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1051 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1051 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1051 | Bruno Keith https://twitter.com/bkth_ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1052 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1052 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore on ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1052 | Qixun Zhao of Qihoo 360 Vulcan Team https://twitter.com/S0rryMybad,http://www.360.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1053 MITRE NVD |
CVE Title: Windows Shell Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system. The security update addresses the vulnerability by correctly validating folder shortcuts. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1053 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
No |
| Windows 7 for 32-bit Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4503290 (Security Only) 4503276 (Monthly Rollup) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Elevation of Privilege | 4499151 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4503287 (Security Only) 4503273 (Monthly Rollup) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4503273 (Monthly Rollup) 4503287 (Security Only) |
Important | Elevation of Privilege | 4499149 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4503269 (Security Only) 4503292 (Monthly Rollup) |
Important | Elevation of Privilege | 4499164 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4503263 (Security Only) 4503285 (Monthly Rollup) |
Important | Elevation of Privilege | 4499171 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4503276 (Monthly Rollup) 4503290 (Security Only) |
Important | Elevation of Privilege | 4499151 |
Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 6.30 Temporal: 5.70 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1053 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1064 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1064 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1064 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1065 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1065 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1065 | Fluoroacetate working with Trend Micro's Zero Day Initiative https://twitter.com/fluoroacetate,https://www.zerodayinitiative.com/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1069 MITRE NVD |
CVE Title: Task Scheduler Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1069 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Elevation of Privilege | 4499154 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Elevation of Privilege | 4499181 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Elevation of Privilege | 4499179 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Windows Server 2016 | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4503267 (Security Update) | Important | Elevation of Privilege | 4494440 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4503327 (Security Update) | Important | Elevation of Privilege | 4494441 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1803 (Server Core Installation) | 4503286 (Security Update) | Important | Elevation of Privilege | 4499167 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4503293 (Security Update) | Important | Elevation of Privilege | 4497936 | Base: 7.80 Temporal: 7.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2019-1069 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1080 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1080 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499171 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Critical | Remote Code Execution | 4499154 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Critical | Remote Code Execution | 4494440 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Critical | Remote Code Execution | 4499181 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Critical | Remote Code Execution | 4499179 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Critical | Remote Code Execution | 4499167 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Critical | Remote Code Execution | 4494441 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Critical | Remote Code Execution | 4497936 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499164 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4499151 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503290 (Security Only) 4503259 (IE Cumulative) |
Critical | Remote Code Execution | 4498206 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Critical | Remote Code Execution | 4499151 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499164 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Moderate | Remote Code Execution | 4498206 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503290 (Security Only) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Moderate | Remote Code Execution | 4494440 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Moderate | Remote Code Execution | 4494441 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Moderate | Remote Code Execution | 4499149 4498206 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1080 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2019-1081 MITRE NVD |
CVE Title: Microsoft Browser Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2019-06-11T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2019-1081 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 10 on Windows Server 2012 | 4503285 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Information Disclosure | 4499171 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
No |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Information Disclosure | 4499164 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Information Disclosure | 4499164 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Information Disclosure | 4499151 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Important | Information Disclosure | 4499151 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4503276 (Monthly Rollup) | Important | Information Disclosure | 4499151 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4503292 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Information Disclosure | 4499164 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4503259 (IE Cumulative) | Low | Information Disclosure | 4498206 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4503276 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Information Disclosure | 4499151 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4503267 (Security Update) | Low | Information Disclosure | 4494440 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4503327 (Security Update) | Low | Information Disclosure | 4494441 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Information Disclosure | 4499149 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4503273 (Monthly Rollup) 4503259 (IE Cumulative) |
Low | Information Disclosure | 4499149 4498206 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4503291 (Security Update) | Important | Information Disclosure | 4499154 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4503267 (Security Update) | Important | Information Disclosure | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4503279 (Security Update) | Important | Information Disclosure | 4499181 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4503284 (Security Update) | Important | Information Disclosure | 4499179 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1803 for x64-based Systems | 4503286 (Security Update) | Important | Information Disclosure | 4499167 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1809 for x64-based Systems | 4503327 (Security Update) | Important | Information Disclosure | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows 10 Version 1903 for x64-based Systems | 4503293 (Security Update) | Important | Information Disclosure | 4497936 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
| Microsoft Edge on Windows Server 2016 | 4503267 (Security Update) | Low | Information Disclosure | 4494440 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge on Windows Server 2019 | 4503327 (Security Update) | Low | Information Disclosure | 4494441 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2019-1081 | None |