search cancel

Symantec product detections for Microsoft monthly Security Bulletins - April 2019

book

Article ID: 174306

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017 

Resolution

 

ID and Rating

CAN/CVE ID: ADV190011

BID:

Microsoft Rating: Critical

Vulnerability Type

April 2019 Adobe Flash Security Update

Vulnerability Affects

See Adobe.com for details

Details

See Adobe.com for details

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0739

BID: 107708

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0753

BID: 107711

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10

Details

A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0786

BID: 107678

Microsoft Rating: Critical

Vulnerability Type

SMB Server Elevation of Privilege Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker can exploit this vulnerability to bypass certain security checks in the operating system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0791

BID: 107726

Microsoft Rating: Critical

Vulnerability Type

MS XML Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0792

BID: 107728

Microsoft Rating: Critical

Vulnerability Type

MS XML Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0793

BID: 107729

Microsoft Rating: Critical

Vulnerability Type

MS XML Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0806

BID: 107713

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0810

BID: 107715

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0812

BID: 107716

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0829

BID: 107718

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0845

BID: 107700

Microsoft Rating: Critical

Vulnerability Type

Windows IOleCvt Interface Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems

 

Details

A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of this vulnerability requires an attacker to host a specially crafted website designed to render malicious ASP pages through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0853

BID: 107695

Microsoft Rating: Critical

Vulnerability Type

GDI+ Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker can exploit this vulnerability to take control of the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0860

BID: 107722

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0861

BID: 107724

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0685

BID: 107761

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0688

BID: 107685

Microsoft Rating: Important

Vulnerability Type

Windows TCP/IP Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when the Windows TCP/IP stack fails to properly handle fragmented IP packets. An attacker can exploit this vulnerability to obtain information to further compromise the user’s system. Successful exploitation of this vulnerability requires an attacker to send specially crafted fragmented IP packets to a remote Windows computer.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0730

BID: 107697

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0731

BID: 107710

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0732

BID: 107684

Microsoft Rating: Important

Vulnerability Type

Windows Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

 

Details

A security bypass vulnerability exists in Windows which could allow an attacker because Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to circumvent a User Mode Code Integrity (UMCI) policy on the machine to bypass Device Guard. Successful exploitation of this vulnerability requires an attacker to first access the local machine, and then run a malicious program.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0735

BID: 107740

Microsoft Rating: Important

Vulnerability Type

Windows CSRSS Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019

 

Details

A privilege escalation vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker can exploit this vulnerability to run arbitrary code.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0752

BID: 107709

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11

 

Details

A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0764

BID: 107731

Microsoft Rating: Important

Vulnerability Type

Microsoft Browsers Tampering Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Edge

 

Details

A tampering vulnerability exists when Microsoft browsers fails to properly validate input under specific conditions. An attacker can exploit this issue to pass custom command line parameters.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0790

BID: 107702

Microsoft Rating: Important

Vulnerability Type

MS XML Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019

 

Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0794

BID: 107737

Microsoft Rating: Important

Vulnerability Type

VBScript Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019

 

Details

A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to gain access to the affected system. Successful exploitation of this vulnerability requires an attacker to host a specially crafted website designed to invoke VBScript through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0795

BID: 107732

Microsoft Rating: Important

Vulnerability Type

MS XML Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user’s system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0796

BID: 107714

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0801

BID: 107738

Microsoft Rating: Important

Vulnerability Type

Office Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. Successful exploitation of this vulnerability requires an attacker to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0802

BID: 107689

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise the user’s system. An attacker can exploit this vulnerability by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0803

BID: 107691

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: Exp.CVE-2019-0803

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0805

BID: 107717

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0813

BID: 107682

Microsoft Rating: Important

Vulnerability Type

Windows Admin Center Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Admin Center

 

Details

A privilege escalation vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations. An attacker can exploit this vulnerability to gain elevated privileges.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0814

BID: 107762

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems

 

Details

An information disclosure vulnerability exists when the win32k component fails to properly provide kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0815

BID: 107701

Microsoft Rating: Important

Vulnerability Type

ASP.NET Core Denial of Service Vulnerability

Vulnerability Affects

Microsoft ASP.NET Core 2.2 Microsoft ASP.NET Core 2.1

 

Details

A denial of service vulnerability exists when ASP.NET Core fails to properly handle web requests. An attacker can exploit this vulnerability to cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0817

BID: 107756

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Spoofing Vulnerability

Vulnerability Affects

Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 Cumulative Update 22 Microsoft Exchange Server 2016 Cumulative Update 11 Microsoft Exchange Server 2016 Cumulative Update 12 Microsoft Exchange Server 2019 Microsoft Exchange Server 2019 Cumulative Update 1

 

Details

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker can exploit this vulnerability to perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. Successful exploitation of this vulnerability requires an attacker to send a specially crafted email containing a malicious link to a user or use a chat client to social engineer a user into clicking the malicious link.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0822

BID: 107699

Microsoft Rating: Important

Vulnerability Type

Microsoft Graphics Components Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a target system. Successful exploitation of this vulnerability requires an attacker to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0823

BID: 107742

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions)

 

Details

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handles objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0824

BID: 107744

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handles objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0825

BID: 107745

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handles objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0826

BID: 107746

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handles objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0827

BID: 107747

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handles objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0828

BID: 107751

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit this vulnerability to run arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0830

BID: 107748

Microsoft Rating: Important

Vulnerability Type

Microsoft Office SharePoint XSS Vulnerability
Spoofing

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019

 

Details

A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails to properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0831

BID: 107750

Microsoft Rating: Important

Vulnerability Type

Microsoft Office SharePoint XSS Vulnerability
Spoofing

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019 Microsoft SharePoint Foundation 2010 SP2 Microsoft SharePoint Server 2010 SP2

 

Details

A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails to properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0833

BID: 107704

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An information disclosure vulnerability exists in the way that Microsoft Edge handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0835

BID: 107721

Microsoft Rating: Important

Vulnerability Type

Microsoft Scripting Engine Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows for 32-bit Systems 8.1 Microsoft Windows for 64-bit Systems 8.1 Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019

 

Details

An information disclosure vulnerability exists when the scripting engine handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0836

BID: 107719

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0837

BID: 107687

Microsoft Rating: Important

Vulnerability Type

DirectX Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when DirectX fails to properly handle objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user’s system. An authenticated attacker can exploit this vulnerability by running a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0838

BID: 102878

Microsoft Rating: Important

Vulnerability Type

Windows Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker can exploit this vulnerability to obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0839

BID: 107696

Microsoft Rating: Important

Vulnerability Type

Windows Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise a user’s system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0840

BID: 107765

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems

 

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0841

BID: 107698

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) fails to properly handle hard links. An attacker can exploit this vulnerability to run processes in an elevated context. An attacker could then install programs; view, change or delete data. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0842

BID: 107725

Microsoft Rating: Important

Vulnerability Type

Windows VBScript Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019

 

Details

A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0844

BID: 107767

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems

 

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0846

BID: 107694

Microsoft Rating: Important

Vulnerability Type

Jet Database Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0847

BID: 107703

Microsoft Rating: Important

Vulnerability Type

Jet Database Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0848

BID: 107766

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems

 

Details

An information disclosure vulnerability exists when the win32k component fails to properly provide kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0849

BID: 107706

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise the user’s system. An attacker can exploit this vulnerability by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0851

BID: 107705

Microsoft Rating: Important

Vulnerability Type

Jet Database Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0856

BID: 107707

Microsoft Rating: Important

Vulnerability Type

Windows Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1803 Microsoft Windows Server 1709 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists when Windows fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. Successful exploitation of the vulnerabilities requires an attacker to first log on to the target system and then run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0857

BID: 107760

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Spoofing Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0858

BID: 107757

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Spoofing Vulnerability

Vulnerability Affects

Microsoft Exchange Server 2013 Cumulative Update 22 Microsoft Exchange Server 2016 Cumulative Update 11 Microsoft Exchange Server 2016 Cumulative Update 12 Microsoft Exchange Server 2019 Microsoft Exchange Server 2019 Cumulative Update 1

 

Details

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker can exploit this vulnerability to perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. Successful exploitation of this vulnerability requires an attacker to send a specially crafted email containing a malicious link to a user or use a chat client to social engineer a user into clicking the malicious link.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0859

BID: 107763

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

 

Details

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: Exp.CVE-2019-0859

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0862

BID: 107727

Microsoft Rating: Important

Vulnerability Type

Windows VBScript Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Internet Explorer 11

 

Details

A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: N/A

Skeptic: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2019-0866

BID: 107749

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019 Microsoft Team Foundation Server 2015 Update 4.2 Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.2 Microsoft Team Foundation Server 2018 Update 3.2

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0867

BID: 107752

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019 Microsoft Team Foundation Server 2018 Update 3.2

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0868

BID: 107753

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019 Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.2 Microsoft Team Foundation Server 2018 Update 3.2

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0869

BID: 107768

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server HTML Injection Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0870

BID: 107754

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019 Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.2 Microsoft Team Foundation Server 2018 Update 3.2

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0871

BID: 107755

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019 Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.2 Microsoft Team Foundation Server 2018 Update 3.2

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2019-0874

BID: 107759

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0875

BID: 107826

Microsoft Rating: Important

Vulnerability Type

Azure DevOps Server Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Azure DevOps Server 2019

 

Details

A privilege escalation vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker can exploit this issue to add GitHub repos to a project without having the proper access granted to their account.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2019-0876

BID: 107743

Microsoft Rating: Important

Vulnerability Type

Open Enclave SDK Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Open Enclave SDK

 

Details

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker can exploit this vulnerability to obtain information stored in the Enclave. Successful exploitation of this vulnerability requires an attacker to successfully compromise the host application running the enclave. The attacker can then pivot to the enclave and exploit this vulnerability without user interaction.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0877

BID: 107739

Microsoft Rating: Important

Vulnerability Type

Jet Database Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems

 

Details

A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Skeptic: N/A

 

ID and Rating

CAN/CVE ID: CVE-2019-0879

BID: 107741

Microsoft Rating: Important

Vulnerability Type

Jet Database Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems

 

Details

A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Review

Other Detections

AV: Under Review

Skeptic: N/A