This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | |
End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability |
Microsoft Office | CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability |
Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability |
SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability |
Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability |
Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability |
Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability |
Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability |
Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability |
Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1453 MITRE NVD |
CVE Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1453 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Denial of Service | 4525232 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Denial of Service | 4525232 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Denial of Service | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Denial of Service | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Denial of Service | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Denial of Service | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Denial of Service | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Denial of Service | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Denial of Service | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Denial of Service | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Denial of Service | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Denial of Service | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Denial of Service | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Denial of Service | 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Denial of Service | 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Denial of Service | 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Denial of Service | 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Denial of Service | 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Denial of Service | 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Denial of Service | 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Denial of Service | 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Denial of Service | 4525246 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Denial of Service | 4525246 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Denial of Service | 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Denial of Service | 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Denial of Service | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Denial of Service | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Denial of Service | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Denial of Service | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Denial of Service | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Denial of Service | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1453 | A member of Cisco Talos |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1470 MITRE NVD |
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1470 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 6.0 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1470 | ChenNan of Tencent ZhanluLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1471 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1471 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.2 Temporal: 7.4 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1471 | Microsoft Platform Security Assurance & Vulnerability Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1472 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1472 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1472 | zhong_sf of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1474 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1474 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1474 | Fangming Gu of Qihoo 360 Core security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1480 MITRE NVD |
CVE Title: Windows Media Player Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. To exploit this vulnerability, an attacker would have to log on to an affected system and open a specifically crafted file. The update addresses the vulnerability by correcting how Windows Media Player handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1480 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1480 | hosselot working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1481 MITRE NVD |
CVE Title: Windows Media Player Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. To exploit this vulnerability, an attacker would have to log on to an affected system and open a specifically crafted file. The update addresses the vulnerability by correcting how Windows Media Player handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1481 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1481 | hosselot working with Trend Micro's Zero Day Initiative hosselot working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1483 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1483 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Elevation of Privilege | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Elevation of Privilege | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Elevation of Privilege | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1483 | Jeong Oh Kyea(@kkokkokye) of THEORI working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1484 MITRE NVD |
CVE Title: Windows OLE Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, causing Windows to execute arbitrary code. The update addresses the vulnerability by correcting how Windows OLE validates user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1484 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Remote Code Execution | 4525232 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Remote Code Execution | 4525232 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Remote Code Execution | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Remote Code Execution | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Remote Code Execution | 4525243 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Remote Code Execution | 4525243 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Remote Code Execution | 4525243 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Remote Code Execution | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Remote Code Execution | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Remote Code Execution | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Remote Code Execution | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Remote Code Execution | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Remote Code Execution | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Remote Code Execution | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Remote Code Execution | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Remote Code Execution | 4525246 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Remote Code Execution | 4525246 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Remote Code Execution | 4525243 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Remote Code Execution | 4525243 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1484 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1487 MITRE NVD |
CVE Title: Microsoft Authentication Library for Android Information Disclosure Vulnerability
Description: An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions. This vulnerability could result in sensitive data being exposed. To exploit this vulnerability an attacker would need to be authenticated to have rights to view the sensitive data. This security update addresses the vulnerability by modifying how the data is sanitized. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1487 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Authentication Library (MSAL) for Android | Github Repository (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1487 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1488 MITRE NVD |
CVE Title: Microsoft Defender Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers. An attacker could exploit the vulnerability to trigger warnings and false positives when no threat is present. To exploit the vulnerability, an attacker would first require execution permissions on the victim system. The security update addresses the vulnerability by ensuring Microsoft Defender properly handles these buffers. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1488 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Security Feature Bypass | 4525232 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Security Feature Bypass | 4525232 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Security Feature Bypass | 4525236 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Security Feature Bypass | 4525236 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Security Feature Bypass | 4525241 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Security Feature Bypass | 4525241 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Security Feature Bypass | 4525241 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Security Feature Bypass | 4525237 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Security Feature Bypass | 4525237 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Security Feature Bypass | 4525237 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Security Feature Bypass | 4523205 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Security Feature Bypass | 4523205 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Security Feature Bypass | 4523205 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Security Feature Bypass | 4525235 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Security Feature Bypass | 4525235 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Security Feature Bypass | 4525243 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Security Feature Bypass | 4525243 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Security Feature Bypass | 4525243 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Security Feature Bypass | 4525234 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Security Feature Bypass | 4525234 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Security Feature Bypass | 4525234 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Security Feature Bypass | 4525234 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Security Feature Bypass | 4525234 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Security Feature Bypass | 4525235 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Security Feature Bypass | 4525235 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Security Feature Bypass | 4525235 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Security Feature Bypass | 4525246 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Security Feature Bypass | 4525246 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Security Feature Bypass | 4525243 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Security Feature Bypass | 4525243 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Security Feature Bypass | 4525236 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Security Feature Bypass | 4525236 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Security Feature Bypass | 4523205 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Security Feature Bypass | 4523205 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Security Feature Bypass | 4525237 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Security Feature Bypass | 4524570 |
Base: 3.3 Temporal: 3.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1488 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1489 MITRE NVD |
CVE Title: Remote Desktop Protocol Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. FAQ: Why is there no update for this vulnerability? Microsoft will not provide an update for this vulnerability because Windows XP is out of support. Microsoft strongly recommends upgrading to a supported version of Windows software. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1489 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Windows XP Service Pack 3 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
CVE ID | Acknowledgements |
CVE-2019-1489 | Discovered by a member of Cisco Talos |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
ADV990001 MITRE NVD |
CVE Title: Latest Servicing Stack Updates
Description: This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. FAQ: 1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update. 2. When was the most recent SSU released for each version of Microsoft Windows? Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:
3. Where can I find more information about the Servicing Stack Updates? You can find more information by following these links: Mitigations: None Workarounds: None Revision: 1.2    2018-12-03T08:00:00Z     FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an informational change only. 5.1    2019-02-13T08:00:00Z     In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an informational change only. 6.0    2019-03-12T07:00:00Z     A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information. 8.0    2019-05-14T07:00:00Z     A Servicing Stack Update has been released for Windows 10 version 1507, Windows 10 version 1607, Windows Server 2016, Windows 10 version 1703, Windows 10 version 1709, Windows Server, version 1709, Windows 10 version 1803, Windows Server, version 1803, Windows 10 version 1809, Windows Server 2019, Windows 10 version 1809 and Windows Server, version 1809. See the FAQ section for more information. 9.0    2019-06-11T07:00:00Z     A Servicing Stack Update has been released for Windows 10 version 1607, Windows Server 2016, Windows 10 version 1809, and Windows Server 2019. See the FAQ section for more information. 10.0    2019-06-14T07:00:00Z     A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information. 13.0    2019-07-26T07:00:00Z     A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server, version 1903 (Server Core installation). See the FAQ section for more information. 14.0    2019-09-10T07:00:00Z     A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information. 15.0    2019-10-08T07:00:00Z     A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more information. 15.1    2019-10-09T07:00:00Z     In the Security Updates table, corrected the KB Article Number and Download links for Server 2012, the 32-bit and x64-based versions of Windows 8.1, and Server 2012 R2. See the FAQ section for more information. 16.0    2019-11-12T08:00:00Z     A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more information. 1.0    2018-11-13T08:00:00Z     Information published. 1.1    2018-11-14T08:00:00Z     Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an informational change only. 2.0    2018-12-05T08:00:00Z     A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 3.0    2018-12-11T08:00:00Z     A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server, version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 3.1    2018-12-11T08:00:00Z     Updated supersedence information. This is an informational change only. 3.2    2018-12-12T08:00:00Z     Fixed a typo in the FAQ. 4.0    2019-01-08T08:00:00Z     A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more information. 5.0    2019-02-12T08:00:00Z     A Servicing Stack Update has been released for Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the FAQ section for more information. 5.2    2019-02-14T08:00:00Z     In the Security Updates table, corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an informational change only. 7.0    2019-04-09T07:00:00Z     A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809, Windows Server 2019, and Windows Server 2019 (Server Core installation). See the FAQ section for more information. 11.0    2019-07-09T07:00:00Z     A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1, Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more information. 12.0    2019-07-24T07:00:00Z     A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more information. 16.1    2019-11-13T08:00:00Z     Fixed some incorrect KB numbers. This is an information change only. 17.0    2019-12-10T08:00:00Z     A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 7, Windows Server 2008 R2, and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more information. |
Critical | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV990001 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4523200 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 for x64-based Systems | 4523200 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1607 for 32-bit Systems | 4520724 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1607 for x64-based Systems | 4520724 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1709 for 32-bit Systems | 4523202 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1709 for ARM64-based Systems | 4523202 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1709 for x64-based Systems | 4523202 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1803 for 32-bit Systems | 4523203 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1803 for ARM64-based Systems | 4523203 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1803 for x64-based Systems | 4523203 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1809 for 32-bit Systems | 4523204 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1809 for ARM64-based Systems | 4523204 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1809 for x64-based Systems | 4523204 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1903 for 32-bit Systems | 4524569 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1903 for ARM64-based Systems | 4524569 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 10 Version 1903 for x64-based Systems | 4524569 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 7 for 32-bit Systems Service Pack 1 | 4523206 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 7 for x64-based Systems Service Pack 1 | 4523206 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 8.1 for 32-bit systems | 4524445 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows 8.1 for x64-based systems | 4524445 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4526478 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4526478 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4526478 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4526478 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4526478 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4523206 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4523206 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4523206 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2012 | 4523208 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2012 (Server Core installation) | 4523208 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2012 R2 | 4524445 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2012 R2 (Server Core installation) | 4524445 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2016 | 4520724 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2016 (Server Core installation) | 4520724 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2019 | 4523204 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server 2019 (Server Core installation) | 4523204 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server, version 1803 (Server Core Installation) | 4523203 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Windows Server, version 1903 (Server Core installation) | 4524569 (Servicing Stack Update) | Critical | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
ADV990001 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1332 MITRE NVD |
CVE Title: Microsoft SQL Server Reporting Services XSS Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content. To exploit the vulnerability, an attacker would need to convince an authenticated user to click a specially-crafted link to an affected SSRS server. The update addresses the vulnerability by correcting SSRS URL sanitization. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1332 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Power BI Report Server | Release Notes (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
SQL Server 2017 Reporting Services | Release Notes (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
SQL Server 2019 Reporting Services | Release Notes (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1332 | Matei "Mal" Badanoiu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1349 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo. The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1349 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1349 | Christopher Ertl (@CTurtE) and Nicolas Joly (@n_joly) of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1350 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo. The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1350 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1350 | Christopher Ertl (@CTurtE) and Nicolas Joly (@n_joly) of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1351 MITRE NVD |
CVE Title: Git for Visual Studio Tampering Vulnerability
Description: A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must clone a file using a specially crafted path on a vulnerable system. The security update fixes the vulnerability by ensuring Git for Visual Studio properly handles folder paths. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Moderate | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1351 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Moderate | Tampering | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Moderate | Tampering | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 16.0 | Release Notes (Security Update) | Moderate | Tampering | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Moderate | Tampering | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1351 | Christopher Ertl (@CTurtE) and Nicolas Joly (@n_joly) of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1352 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo. The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1352 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1352 | Christopher Ertl (@CTurtE) and Nicolas Joly (@n_joly) of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1354 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo. The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1354 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1354 | Nicolas Joly of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1387 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to clone a malicious repo. The security update addresses the vulnerability by correcting how Git for Visual Studio validates command-line input. FAQ: I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first? No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1387 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2019-1387 | Christopher Ertl (@CTurtE) and Nicolas Joly (@n_joly) of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1400 MITRE NVD |
CVE Title: Microsoft Access Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1400 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484193 (Security Update) | Important | Information Disclosure | 4484127 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484193 (Security Update) | Important | Information Disclosure | 4484127 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4484180 (Security Update) | Important | Information Disclosure | 4484113 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4484180 (Security Update) | Important | Information Disclosure | 4484113 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-1400 | kdot |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1458 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Detected | Not Applicable | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2019-1458 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Elevation of Privilege | 4525232 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Elevation of Privilege | 4525232 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Elevation of Privilege | 4525243 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Elevation of Privilege | 4525243 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Elevation of Privilege | 4525243 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Elevation of Privilege | 4525246 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Elevation of Privilege | 4525246 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Elevation of Privilege | 4525243 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Elevation of Privilege | 4525243 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1458 | Anton Ivanov and Alexey Kulaev of Kaspersky Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1461 MITRE NVD |
CVE Title: Microsoft Word Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted document be sent to a vulnerable user. The security update addresses the vulnerability by correcting how Microsoft Word handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. I have Microsoft Word 2010 installed. Why am I not being offered the 4475598 update? The 4475598 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1461 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4475598 (Security Update) | Important | Denial of Service | 4475531 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4475598 (Security Update) | Important | Denial of Service | 4475531 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4475601 (Security Update) | Important | Denial of Service | 4475533 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4475601 (Security Update) | Important | Denial of Service | 4475533 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4484094 (Security Update) | Important | Denial of Service | 4475547 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4484094 (Security Update) | Important | Denial of Service | 4475547 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4484094 (Security Update) | Important | Denial of Service | 4475547 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4484169 (Security Update) | Important | Denial of Service | 4475540 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4484169 (Security Update) | Important | Denial of Service | 4475540 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-1461 | Jaanus Kääp of Clarified Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1462 MITRE NVD |
CVE Title: Microsoft PowerPoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office PowerPoint software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft PowerPoint handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1462 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) | 4461613 (Security Update) | Important | Remote Code Execution | 4461521 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) | 4461613 (Security Update) | Important | Remote Code Execution | 4461521 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2013 RT Service Pack 1 | 4461590 (Security Update) | Important | Remote Code Execution | 4461481 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) | 4461590 (Security Update) | Important | Remote Code Execution | 4461481 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) | 4461590 (Security Update) | Important | Remote Code Execution | 4461481 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2016 (32-bit edition) | 4484166 (Security Update) | Important | Remote Code Execution | 4461532 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft PowerPoint 2016 (64-bit edition) | 4484166 (Security Update) | Important | Remote Code Execution | 4461532 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-1462 | Jaanus Kp, Clarified Security working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1463 MITRE NVD |
CVE Title: Microsoft Access Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1463 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484193 (Security Update) | Important | Information Disclosure | 4484127 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484193 (Security Update) | Important | Information Disclosure | 4484127 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484186 (Security Update) | Important | Information Disclosure | 4484119 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4484180 (Security Update) | Important | Information Disclosure | 4484113 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4484180 (Security Update) | Important | Information Disclosure | 4484113 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-1463 | Ofir Shlomo and Tal Dery of Mimecast Research Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1464 MITRE NVD |
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1464 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484196 (Security Update) | Important | Information Disclosure | 4484164 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484196 (Security Update) | Important | Information Disclosure | 4484164 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 RT Service Pack 1 | 4484190 (Security Update) | Important | Information Disclosure | 4484158 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484190 (Security Update) | Important | Information Disclosure | 4484158 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484190 (Security Update) | Important | Information Disclosure | 4484158 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 4484179 (Security Update) | Important | Information Disclosure | 4484144 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 4484179 (Security Update) | Important | Information Disclosure | 4484144 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484192 (Security Update) | Important | Information Disclosure | 4484160 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484192 (Security Update) | Important | Information Disclosure | 4484160 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4484184 (Security Update) | Important | Information Disclosure | 4484152 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484184 (Security Update) | Important | Information Disclosure | 4484152 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484184 (Security Update) | Important | Information Disclosure | 4484152 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4484182 (Security Update) | Important | Information Disclosure | 4484148 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4484182 (Security Update) | Important | Information Disclosure | 4484148 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2019-1464 | Zhangjie and willJ from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1465 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1465 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1465 | Hossein Lotfi working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1466 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1466 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1466 | Hossein Lotfi working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1467 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1467 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1467 | Lee Jin Young of Codemize Security Research Lab
|
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1468 MITRE NVD |
CVE Title: Win32k Graphics Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability.
The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1468 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Critical | Remote Code Execution | 4525232 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Critical | Remote Code Execution | 4525232 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Critical | Remote Code Execution | 4525236 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Critical | Remote Code Execution | 4525236 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Critical | Remote Code Execution | 4525241 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Critical | Remote Code Execution | 4525241 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Critical | Remote Code Execution | 4525241 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Critical | Remote Code Execution | 4525235 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Critical | Remote Code Execution | 4525235 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Critical | Remote Code Execution | 4525243 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Critical | Remote Code Execution | 4525243 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Critical | Remote Code Execution | 4525243 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Critical | Remote Code Execution | 4525234 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Critical | Remote Code Execution | 4525234 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Critical | Remote Code Execution | 4525234 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Critical | Remote Code Execution | 4525234 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Critical | Remote Code Execution | 4525234 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Critical | Remote Code Execution | 4525235 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Critical | Remote Code Execution | 4525235 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Critical | Remote Code Execution | 4525235 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Critical | Remote Code Execution | 4525246 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Critical | Remote Code Execution | 4525246 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Critical | Remote Code Execution | 4525243 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Critical | Remote Code Execution | 4525243 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Critical | Remote Code Execution | 4525236 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Critical | Remote Code Execution | 4525236 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Critical | Remote Code Execution | 4523205 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Critical | Remote Code Execution | 4525237 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Critical | Remote Code Execution | 4524570 |
Base: 8.4 Temporal: 7.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1468 | xina1i of Antiy Labs riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1469 MITRE NVD |
CVE Title: Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1469 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Information Disclosure | 4525232 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Information Disclosure | 4525241 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4530702 (Monthly Rollup) | Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Information Disclosure | 4525234 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Information Disclosure | 4525235 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4530691 (Monthly Rollup) 4530698 (Security Only) |
Important | Information Disclosure | 4525246 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4530702 (Monthly Rollup) 4530730 (Security Only) |
Important | Information Disclosure | 4525243 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Information Disclosure | 4525236 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Information Disclosure | 4523205 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Information Disclosure | 4525237 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Information Disclosure | 4524570 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1469 | Gil Dabah Guopengfei from Codesafe Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1476 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1476 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Elevation of Privilege | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Elevation of Privilege | 4525241 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4530689 (Security Update) | Important | Elevation of Privilege | 4525236 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4530717 (Security Update) | Important | Elevation of Privilege | 4525237 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4530684 (Security Update) | Important | Elevation of Privilege | 4524570 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1476 | Gábor Selján (@GaborSeljan) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1477 MITRE NVD |
CVE Title: Windows Printer Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows Printer Service validates file paths. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1477 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4530715 (Security Update) | Important | Elevation of Privilege | 4523205 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1477 | Yongil Lee of Diffense |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1478 MITRE NVD |
CVE Title: Windows COM Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1478 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4530695 (Monthly Rollup) 4530719 (Security Only) |
Important | Elevation of Privilege | 4525234 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4530734 (Monthly Rollup) 4530692 (Security Only) |
Important | Elevation of Privilege | 4525235 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2019-1478 | Yongil Lee of Diffense |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2019-1485 MITRE NVD |
CVE Title: VBScript Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2019-12-10T08:00:00Z     Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2019-1485 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4530691 (Monthly Rollup) 4530677 (IE Cumulative) |
Low | Remote Code Execution | 4525246 4525106 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4530681 (Security Update) | Important | Remote Code Execution | 4525232 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4530681 (Security Update) | Important | Remote Code Execution | 4525232 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4530689 (Security Update) | Important | Remote Code Execution | 4525236 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4530714 (Security Update) | Important | Remote Code Execution | 4525241 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4530717 (Security Update) | Important | Remote Code Execution | 4525237 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4530715 (Security Update) | Important | Remote Code Execution | 4523205 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4530684 (Security Update) | Important | Remote Code Execution | 4524570 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4530677 (IE Cumulative) 4530734 (Monthly Rollup) |
Important | Remote Code Execution | 4525106 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4530677 (IE Cumulative) 4530734 (Monthly Rollup) |
Important | Remote Code Execution | 4525106 4525235 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4530677 (IE Cumulative) 4530702 (Monthly Rollup) |
Important | Remote Code Execution | 4525106 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4530677 (IE Cumulative) 4530702 (Monthly Rollup) |
Important | Remote Code Execution | 4525106 4525243 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Interne |