Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Adobe Flash Player ADV190015 June 2019 Adobe Flash Security Update
Kerberos CVE-2019-0972 Local Security Authority Subsystem Service Denial of Service Vulnerability
Microsoft Browsers CVE-2019-1081 Microsoft Browser Information Disclosure Vulnerability
Microsoft Browsers CVE-2019-1038 Microsoft Browser Memory Corruption Vulnerability
Microsoft Devices ADV190017 Microsoft HoloLens Remote Code Execution Vulnerabilities
Microsoft Devices ADV190016 Bluetooth Low Energy Advisory
Microsoft Edge CVE-2019-1054 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Exchange Server ADV190018 Microsoft Exchange Server Defense in Depth Update
Microsoft Graphics Component CVE-2019-1018 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1047 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1046 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1013 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1015 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1016 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1048 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0977 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0960 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0968 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1049 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1050 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0985 Microsoft Speech API Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1010 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1009 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1011 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1012 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0905 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0974 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0904 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0906 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0908 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0909 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0907 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1035 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1034 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-1032 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1036 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1031 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1033 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-1002 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0991 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1080 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1023 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-0993 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0992 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1024 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0990 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-0988 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0989 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1055 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1052 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1051 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0920 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1003 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-1069 Task Scheduler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1064 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0888 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-1025 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2019-1045 Windows Network File System Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1043 Comctl32 Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0710 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0709 Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0722 Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0943 Windows ALPC Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0713 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0983 Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0984 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0711 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0948 Windows Event Viewer Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0959 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0998 Windows Storage Service Elevation of Privilege Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Skype for Business and Microsoft Lync CVE-2019-1029 Skype for Business and Lync Server Denial of Service Vulnerability
Team Foundation Server CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability
VBScript CVE-2019-1005 Scripting Engine Memory Corruption Vulnerability
Windows Authentication Methods CVE-2019-1040 Windows NTLM Tampering Vulnerability
Windows Hyper-V CVE-2019-0620 Windows Hyper-V Remote Code Execution Vulnerability
Windows IIS CVE-2019-0941 Microsoft IIS Server Denial of Service Vulnerability
Windows Installer CVE-2019-0973 Windows Installer Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1044 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Windows Kernel CVE-2019-1014 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1017 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1065 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1041 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1039 Windows Kernel Information Disclosure Vulnerability
Windows Media CVE-2019-1026 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1007 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1027 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1022 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1021 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1028 Windows Audio Service Elevation of Privilege Vulnerability
Windows NTLM CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability
Windows Shell CVE-2019-0986 Windows User Profile Service Elevation of Privilege Vulnerability
Windows Shell CVE-2019-1053 Windows Shell Elevation of Privilege Vulnerability

CVE-2019-0888 - ActiveX Data Objects (ADO) Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0888
MITRE
NVD
CVE Title: ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges.

An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website.

The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0888
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Critical Remote Code Execution
4499164
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Critical Remote Code Execution
4499164
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Critical Remote Code Execution
4499151
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Critical Remote Code Execution 4499151
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Critical Remote Code Execution 4499151 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Critical Remote Code Execution 4499149
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Critical Remote Code Execution 4499149
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Critical Remote Code Execution
4499149
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Critical Remote Code Execution 4499149
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Critical Remote Code Execution 4499149
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Critical Remote Code Execution
4499164
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Critical Remote Code Execution
4499164
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Critical Remote Code Execution
4499164
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Critical Remote Code Execution
4499171
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Critical Remote Code Execution
4499171
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Critical Remote Code Execution 4499151
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Critical Remote Code Execution 4499151
Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 8.80
Temporal: 7.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0888 Yaniv Frank of SophosLabs
https://www.sophos.com/en-us/labs.aspx


CVE-2019-0904 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0904
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0904
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0904 Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0905 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0905
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0905
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0905 Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0906 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0906
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0906
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0906 Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0907 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0907
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0907
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0907 Keqi Hu and zhangjie from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.


CVE-2019-0908 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0908
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0908
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: N/A
Temporal: N/A
Vector: N/A
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0908 rgod of 9sg Security Team - rgod@9sgsec.com working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-0909 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0909
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0909
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0909 Gal De Leon and Bar Lahav of Palo Alto Networks
https://www.paloaltonetworks.com/


CVE-2019-0941 - Microsoft IIS Server Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0941
MITRE
NVD
CVE Title: Microsoft IIS Server Denial of Service Vulnerability
Description:

A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering.

To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering.

The update addresses the vulnerability by changing the way certain requests are processed by the filter.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0941
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Denial of Service 4499154 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Denial of Service 4499154 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Denial of Service 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Denial of Service 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Denial of Service 4499181 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Denial of Service 4499181 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Denial of Service
4499151
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Denial of Service 4499151 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Denial of Service
4499149
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Denial of Service
4499171
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Denial of Service
4499171
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Denial of Service 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Denial of Service 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Denial of Service 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Denial of Service 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Denial of Service 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Denial of Service 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0941 Hoai Viet Nguyen of Data & Application Security Group of TH Köln
https://das.th-koeln.de/


CVE-2019-0943 - Windows ALPC Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0943
MITRE
NVD
CVE Title: Windows ALPC Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

The update addresses the vulnerability by correcting how Windows handles calls to ALPC.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0943
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Elevation of Privilege
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Elevation of Privilege 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0943 James Forshaw of Google Project Zero
http://www.google.com/


CVE-2019-0948 - Windows Event Viewer Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0948
MITRE
NVD
CVE Title: Windows Event Viewer Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.

The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Moderate Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0948
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Moderate Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Moderate Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Moderate Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Moderate Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Moderate Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Moderate Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Moderate Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Moderate Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Moderate Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Moderate Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Moderate Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Moderate Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Moderate Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Moderate Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Moderate Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Moderate Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Moderate Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Moderate Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Moderate Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Moderate Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Moderate Information Disclosure
4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Moderate Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Moderate Information Disclosure 4499151 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Moderate Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Moderate Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Moderate Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Moderate Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Moderate Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Moderate Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Moderate Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Moderate Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Moderate Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Moderate Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Moderate Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Moderate Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Moderate Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Moderate Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Moderate Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Moderate Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Moderate Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Moderate Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0948 Eran Vaknin, Alon Boxiner, Oded Vanunu
https://il.linkedin.com/in/eran-vaknin,https://il.linkedin.com/in/alon-boxiner-a1a713b4,https://il.linkedin.com/in/oded-vanunu-a131283


CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0959
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0959
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows Server 2019 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0959 James Forshaw of Google Project Zero
http://www.google.com/


CVE-2019-0972 - Local Security Authority Subsystem Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0972
MITRE
NVD
CVE Title: Local Security Authority Subsystem Service Denial of Service Vulnerability
Description:

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.

The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0972
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Denial of Service 4499154 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Denial of Service 4499154 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Denial of Service 4494440 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Denial of Service 4494440 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Denial of Service 4499181 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Denial of Service 4499181 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Denial of Service 4499179 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Denial of Service 4499167 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Denial of Service 4494441 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Denial of Service 4497936 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Denial of Service
4499151
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Denial of Service 4499151 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Denial of Service
4499149
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Denial of Service 4499149
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Denial of Service
4499164
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Denial of Service
4499171
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Denial of Service
4499171
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Denial of Service 4499151
Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2016 4503267 (Security Update) Important Denial of Service 4494440 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Denial of Service 4494440 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2019 4503327 (Security Update) Important Denial of Service 4494441 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Denial of Service 4494441 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Denial of Service 4499167 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Denial of Service 4497936 Base: 6.50
Temporal: 5.60
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0972 Danyal Drew of The Missing Link
https://www.themissinglink.com.au/


CVE-2019-0973 - Windows Installer Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0973
MITRE
NVD
CVE Title: Windows Installer Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.

A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0973
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Elevation of Privilege
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Elevation of Privilege 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Elevation of Privilege
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0973 None

CVE-2019-0974 - Jet Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0974
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.


FAQ:

Are Active Directory and Exchange Server affected by this vulnerability? No, Active Directory and Exchange Server are not affected.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0974
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Remote Code Execution 4499154 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Remote Code Execution 4499181 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Remote Code Execution 4499179 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Remote Code Execution
4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Remote Code Execution 4499151 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Remote Code Execution
4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Remote Code Execution 4499149
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Remote Code Execution
4499164
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Remote Code Execution
4499171
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Remote Code Execution 4499151
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Remote Code Execution 4494440 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Remote Code Execution 4494441 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Remote Code Execution 4499167 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Remote Code Execution 4497936 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0974 Shih-Fong Peng (@_L4ys) of Team T5
https://twitter.com/_L4ys,https://teamt5.org


CVE-2019-0984 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0984
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0984
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Elevation of Privilege 4499181 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Elevation of Privilege 4499179 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Elevation of Privilege
4499151
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Elevation of Privilege 4499151 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Elevation of Privilege
4499149
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Elevation of Privilege 4499149
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Elevation of Privilege
4499164
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Elevation of Privilege
4499171
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Elevation of Privilege 4499151
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Elevation of Privilege 4494440 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Elevation of Privilege 4494441 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Elevation of Privilege 4499167 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Elevation of Privilege 4497936 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0984 pgboy
http://weibo.com/pgboy1988


CVE-2019-0988 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0988
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0988
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 10 on Windows Server 2012 4503285 (Monthly Rollup)
4503259 (IE Cumulative)
Moderate Remote Code Execution 4499171
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4503292 (Monthly Rollup)
4503259 (IE Cumulative)
Critical Remote Code Execution 4499164
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4503292 (Monthly Rollup)
4503259 (IE Cumulative)
Critical Remote Code Execution 4499164
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4503276 (Monthly Rollup)
4503259 (IE Cumulative)
Critical Remote Code Execution 4499151
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503259 (IE Cumulative)
Critical Remote Code Execution 4499151
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4503276 (Monthly Rollup) Critical Remote Code Execution 4499151 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503292 (Monthly Rollup)
4503259 (IE Cumulative)
Moderate Remote Code Execution 4499164
4498206
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 4503259 (IE Cumulative) Moderate Remote Code Execution 4498206 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4503276 (Monthly Rollup) Moderate Remote Code Execution 4499151 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4503267 (Security Update) Moderate Remote Code Execution 4494440 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4503327 (Security Update) Moderate Remote Code Execution 4494441 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0988 Yuki Chen of Qihoo 360 Vulcan Team
http://www.360.com/


CVE-2019-0989 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-0989
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0989
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore on ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Edge on Windows 10 for 32-bit Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4503291 (Security Update) Critical Remote Code Execution 4499154 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Critical Remote Code Execution 4494440 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Critical Remote Code Execution 4499181 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Critical Remote Code Execution 4499179 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Critical Remote Code Execution 4499167 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Critical Remote Code Execution 4494441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Critical Remote Code Execution 4497936 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
No
Microsoft Edge on Windows Server 2016 4503267 (Security Update) Moderate Remote Code Execution 4494440 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4503327 (Security Update) Moderate Remote Code Execution 4494441 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-0989 Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


CVE-2019-1009 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1009
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1009
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-1009 kdot working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-1010 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1010
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1010
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Information Disclosure
4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Information Disclosure 4499151 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-1010 Kamlapati Choubey of Trend Micro


CVE-2019-1011 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1011
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1011
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-1011 kdot working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-1012 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1012
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1012
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Information Disclosure 4499154 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4503279 (Security Update) Important Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4503279 (Security Update) Important Information Disclosure 4499181 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4503284 (Security Update) Important Information Disclosure 4499179 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4503290 (Security Only)
4503276 (Monthly Rollup)
Important Information Disclosure
4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4503276 (Monthly Rollup) Important Information Disclosure 4499151 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4503263 (Security Only)
4503285 (Monthly Rollup)
Important Information Disclosure
4499171
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4503276 (Monthly Rollup)
4503290 (Security Only)
Important Information Disclosure 4499151
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4503267 (Security Update) Important Information Disclosure 4494440 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4503327 (Security Update) Important Information Disclosure 4494441 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4503286 (Security Update) Important Information Disclosure 4499167 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4503293 (Security Update) Important Information Disclosure 4497936 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2019-1012 Sooraj K S (@soorajks) working with Trend Micro's Zero Day Initiative
https://twitter.com/soorajks,https://www.zerodayinitiative.com/


CVE-2019-1013 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1013
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1013
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4503287 (Security Only)
4503273 (Monthly Rollup)
Important Information Disclosure
4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4503273 (Monthly Rollup)
4503287 (Security Only)
Important Information Disclosure 4499149
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4503269 (Security Only)
4503292 (Monthly Rollup)
Important Information Disclosure
4499164
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2019-1013 kdot working with Trend Micro's Zero Day Initiative
https://www.zerodayinitiative.com/


CVE-2019-1014 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-1014
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2019-06-11T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1014
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4503291 (Security Update) Important Elevation of Privilege 4499154 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems