Symantec product detections for Microsoft monthly Security Bulletins - January 2019
Article ID: 173326
Updated On:
Products
Issue/Introduction
This document describes Symantec Endpoint Protection (SEP) product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
NOTES
- Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
- These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
- The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017
Resolution
|
ID and Rating |
CAN/CVE ID: ADV190001 BID: N/A Microsoft Rating: Critical |
|
Vulnerability Type |
January 2019 Adobe Flash Security Update |
|
Vulnerability Affects |
See Adobe.com |
|
Details |
See Adobe.com |
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0539 BID: 106401 Microsoft Rating: Critical |
|
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
|
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0547 BID: 106394 Microsoft Rating: Critical |
|
Vulnerability Type |
Windows DHCP Client Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 1803
|
|
Details |
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker can exploit the vulnerability to run arbitrary code on the client machine.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0550 BID: 106385 Microsoft Rating: Critical |
|
Vulnerability Type |
Windows Hyper-V Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Hyper-V Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803
|
|
Details |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0551 BID: 106386 Microsoft Rating: Critical |
|
Vulnerability Type |
Windows Hyper-V Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Hyper-V Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0565 BID: 106416 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Edge |
|
Details |
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker can exploit the vulnerability to use the Browser Broker COM object to elevate privileges on an affected system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0567 BID: 106418 Microsoft Rating: Critical |
|
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
|
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0568 BID: 106420 Microsoft Rating: Critical |
|
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore
|
|
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0536 BID: 106406 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows 10 Version 1709 for ARM64-based Systems
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0537 BID: 106390 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Visual Studio Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2010 SP1
|
|
Details |
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An attacker can exploit this vulnerability by tricking a user into opening a malicious .vscontent file using a vulnerable version of Visual Studio to view arbitrary file contents from the computer where the victim launched Visual Studio.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0538 BID: 106419 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0541 BID: 106402 Microsoft Rating: Important |
|
Vulnerability Type |
Internet Explorer Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 10 Microsoft Internet Explorer 11
|
|
Details |
A remote code execution vulnerability exists in the way that the Internet Explorer (IE) improperly validates input. An attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0542 BID: 106434 Microsoft Rating: Important |
|
Vulnerability Type |
Xterm Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft xterm.js
|
|
Details |
A remote code execution vulnerability exists in Xterm. js when the component mishandles special characters.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0543 BID: 106408 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809
|
|
Details |
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker can exploit this vulnerability to run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0545 BID: 106405 Microsoft Rating: Important |
|
Vulnerability Type |
ASP.NET Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2
|
|
Details |
An information disclosure vulnerability exists in ASP.NET and ASP.NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker can exploit the vulnerability to retrieve content, that is normally restricted, from a web application.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0548 BID: 106410 Microsoft Rating: Important |
|
Vulnerability Type |
ASP.NET Core Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft ASP.NET Core 2.0 Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1
|
|
Details |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application to cause a denial of service against an ASP.NET Core web application.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0549 BID: 106409 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows 10 Version 1709 for ARM64-based Systems
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0552 BID: 106407 Microsoft Rating: Important |
|
Vulnerability Type |
Windows COM Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation exists in Windows COM Desktop Broker. An attacker can exploit the vulnerability to run arbitrary code with elevated privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0553 BID: 106412 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Subsystem for Linux Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0554 BID: 106411 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows 10 Version 1709 for ARM64-based Systems
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0555 BID: 106395 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft XmlDocument Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker can exploit this vulnerability to gain elevated privileges and break out of the Edge AppContainer sandbox.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0556 BID: 106387 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
|
Details |
A cross-site-scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0557 BID: 106388 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016
|
|
Details |
A cross-site-scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0558 BID: 106389 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0559 BID: 106397 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Outlook Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker can exploit this vulnerability to gather information about the victim.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0560 BID: 106398 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Access 2016 (32-bit edition) Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker can exploit the vulnerability to use the information to compromise the user's computer or data.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0561 BID: 106399 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Word Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office Web Apps Server 2010 Service Pack 2 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Word Automation Services on Microsoft SharePoint Server 2010 SP2
|
|
Details |
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker can exploit this vulnerability to read arbitrary files from a targeted system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0562 BID: 106400 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0564 BID: 106413 Microsoft Rating: Important |
|
Vulnerability Type |
ASP.NET Core Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft ASP.NET Core 2.0 Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 |
|
Details |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application to cause a denial of service against an ASP.NET Core web application. |
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0566 BID: 106417 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Edge Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Edge |
|
Details |
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker can exploit the vulnerability to use the Browser Broker COM object to elevate privileges on an affected system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2019-0566 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0569 BID: 106414 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows 10 Version 1709 for ARM64-based Systems
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2019-0569 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0570 BID: 106415 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker can exploit this vulnerability to run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0571 BID: 106426 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0572 BID: 106428 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0573 BID: 106430 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0574 BID: 106431 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803
|
|
Details |
A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0575 BID: 106404 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0576 BID: 106422 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0577 BID: 106423 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0578 BID: 106424 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0579 BID: 106425 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0580 BID: 106429 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0581 BID: 106432 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0582 BID: 106433 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0583 BID: 106435 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0584 BID: 106436 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 1809 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0585 BID: 106392 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Word Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Web Apps Server 2010 Service Pack 2 Microsoft Office Word Viewer Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems Microsoft Word Automation Services on Microsoft SharePoint Server 2010 SP2 Microsoft Word 2013 RT Service Pack 1
|
|
Details |
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker can exploit the vulnerability to use a specially crafted file to perform actions in the security context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0586 BID: 106421 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Exchange Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Exchange Server 2016 Cumulative Update 10 Microsoft Exchange Server 2016 Cumulative Update 11 Microsoft Exchange Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker can exploit the vulnerability to run arbitrary code in the context of the System user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0588 BID: 106437 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Exchange Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Exchange Server 2010 SP3 Update Rollup 25 Microsoft Exchange Server 2013 Cumulative Update 21 Microsoft Exchange Server 2016 Cumulative Update 10 Microsoft Exchange Server 2016 Cumulative Update 11 Microsoft Exchange Server 2019
|
|
Details |
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2019-0546 BID: 106391 Microsoft Rating: Moderate |
|
Vulnerability Type |
Visual Studio Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Visual Studio 2017 15.9
|
|
Details |
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project. An attacker can exploit the vulnerability to run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: ADV990001 BID: 106425 Microsoft Rating: None |
|
Vulnerability Type |
Latest Servicing Stack Updates
|
|
Vulnerability Affects |
See Microsoft.com |
|
Details |
See Microsoft.com
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
Feedback
