Microsoft Windows Multiple Vulnerabilities (KB4503293)

Published: 2019-06-12 03:10:30
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is missing a critical security update according to Microsoft KB4503293

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - Windows kernel improperly initializes objects in memory. - Chakra scripting engine improperly handles objects in memory in Microsoft Edge. - ActiveX Data Objects (ADO) improperly handle objects in memory. - Windows GDI component improperly discloses the contents of its memory. - Windows AppX Deployment Service (AppXSVC) improperly handles hard links. - Windows kernel fails to properly handle objects in memory. - Windows Common Log File System (CLFS) driver improperly handles objects in memory. - A misconfiguration in the Bluetooth pairing protocols For more information about the vulnerabilities refer Reference links.

Impact:
Successful exploitation will allow an attacker to execute arbitrary code on a victim system, escalate privileges, bypass security restrictions, disclose sensitive information and cause a denial of service condition on a victim system.

Affected Versions:
Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems

Recommendations:
The vendor has released updates. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Executable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-2102
https://nvd.nist.gov/vuln/detail/CVE-2019-0620
https://nvd.nist.gov/vuln/detail/CVE-2019-0722
https://nvd.nist.gov/vuln/detail/CVE-2019-0888
https://nvd.nist.gov/vuln/detail/CVE-2019-0904
https://nvd.nist.gov/vuln/detail/CVE-2019-0905
https://nvd.nist.gov/vuln/detail/CVE-2019-0906
https://nvd.nist.gov/vuln/detail/CVE-2019-0907
https://nvd.nist.gov/vuln/detail/CVE-2019-0908
https://nvd.nist.gov/vuln/detail/CVE-2019-0909
https://nvd.nist.gov/vuln/detail/CVE-2019-0920
https://nvd.nist.gov/vuln/detail/CVE-2019-0941
https://nvd.nist.gov/vuln/detail/CVE-2019-0943
https://nvd.nist.gov/vuln/detail/CVE-2019-0948
https://nvd.nist.gov/vuln/detail/CVE-2019-0959
https://nvd.nist.gov/vuln/detail/CVE-2019-0972
https://nvd.nist.gov/vuln/detail/CVE-2019-0973
https://nvd.nist.gov/vuln/detail/CVE-2019-0974
https://nvd.nist.gov/vuln/detail/CVE-2019-0983
https://nvd.nist.gov/vuln/detail/CVE-2019-0984
https://nvd.nist.gov/vuln/detail/CVE-2019-0986
https://nvd.nist.gov/vuln/detail/CVE-2019-0988
https://nvd.nist.gov/vuln/detail/CVE-2019-0989
https://nvd.nist.gov/vuln/detail/CVE-2019-0990
https://nvd.nist.gov/vuln/detail/CVE-2019-0991
https://nvd.nist.gov/vuln/detail/CVE-2019-0992
https://nvd.nist.gov/vuln/detail/CVE-2019-0993
https://nvd.nist.gov/vuln/detail/CVE-2019-0998
https://nvd.nist.gov/vuln/detail/CVE-2019-1003
https://nvd.nist.gov/vuln/detail/CVE-2019-1005
https://nvd.nist.gov/vuln/detail/CVE-2019-1007
https://nvd.nist.gov/vuln/detail/CVE-2019-1010
https://nvd.nist.gov/vuln/detail/CVE-2019-1012
https://nvd.nist.gov/vuln/detail/CVE-2019-1014
https://nvd.nist.gov/vuln/detail/CVE-2019-1017
https://nvd.nist.gov/vuln/detail/CVE-2019-1019
https://nvd.nist.gov/vuln/detail/CVE-2019-1021
https://nvd.nist.gov/vuln/detail/CVE-2019-1022
https://nvd.nist.gov/vuln/detail/CVE-2019-1023
https://nvd.nist.gov/vuln/detail/CVE-2019-1024
https://nvd.nist.gov/vuln/detail/CVE-2019-1025
https://nvd.nist.gov/vuln/detail/CVE-2019-1026
https://nvd.nist.gov/vuln/detail/CVE-2019-1027
https://nvd.nist.gov/vuln/detail/CVE-2019-1028
https://nvd.nist.gov/vuln/detail/CVE-2019-1038
https://nvd.nist.gov/vuln/detail/CVE-2019-1039
https://nvd.nist.gov/vuln/detail/CVE-2019-1040
https://nvd.nist.gov/vuln/detail/CVE-2019-1041
https://nvd.nist.gov/vuln/detail/CVE-2019-1043
https://nvd.nist.gov/vuln/detail/CVE-2019-1046
https://nvd.nist.gov/vuln/detail/CVE-2019-1050
https://nvd.nist.gov/vuln/detail/CVE-2019-1051
https://nvd.nist.gov/vuln/detail/CVE-2019-1052
https://nvd.nist.gov/vuln/detail/CVE-2019-1053
https://nvd.nist.gov/vuln/detail/CVE-2019-1054
https://nvd.nist.gov/vuln/detail/CVE-2019-1055
https://nvd.nist.gov/vuln/detail/CVE-2019-1064
https://nvd.nist.gov/vuln/detail/CVE-2019-1065
https://nvd.nist.gov/vuln/detail/CVE-2019-1069
https://nvd.nist.gov/vuln/detail/CVE-2019-1080
https://nvd.nist.gov/vuln/detail/CVE-2019-1081

CVE Analysis

https://www.mageni.net/cve/CVE-2019-2102
https://www.mageni.net/cve/CVE-2019-0620
https://www.mageni.net/cve/CVE-2019-0722
https://www.mageni.net/cve/CVE-2019-0888
https://www.mageni.net/cve/CVE-2019-0904
https://www.mageni.net/cve/CVE-2019-0905
https://www.mageni.net/cve/CVE-2019-0906
https://www.mageni.net/cve/CVE-2019-0907
https://www.mageni.net/cve/CVE-2019-0908
https://www.mageni.net/cve/CVE-2019-0909
https://www.mageni.net/cve/CVE-2019-0920
https://www.mageni.net/cve/CVE-2019-0941
https://www.mageni.net/cve/CVE-2019-0943
https://www.mageni.net/cve/CVE-2019-0948
https://www.mageni.net/cve/CVE-2019-0959
https://www.mageni.net/cve/CVE-2019-0972
https://www.mageni.net/cve/CVE-2019-0973
https://www.mageni.net/cve/CVE-2019-0974
https://www.mageni.net/cve/CVE-2019-0983
https://www.mageni.net/cve/CVE-2019-0984
https://www.mageni.net/cve/CVE-2019-0986
https://www.mageni.net/cve/CVE-2019-0988
https://www.mageni.net/cve/CVE-2019-0989
https://www.mageni.net/cve/CVE-2019-0990
https://www.mageni.net/cve/CVE-2019-0991
https://www.mageni.net/cve/CVE-2019-0992
https://www.mageni.net/cve/CVE-2019-0993
https://www.mageni.net/cve/CVE-2019-0998
https://www.mageni.net/cve/CVE-2019-1003
https://www.mageni.net/cve/CVE-2019-1005
https://www.mageni.net/cve/CVE-2019-1007
https://www.mageni.net/cve/CVE-2019-1010
https://www.mageni.net/cve/CVE-2019-1012
https://www.mageni.net/cve/CVE-2019-1014
https://www.mageni.net/cve/CVE-2019-1017
https://www.mageni.net/cve/CVE-2019-1019
https://www.mageni.net/cve/CVE-2019-1021
https://www.mageni.net/cve/CVE-2019-1022
https://www.mageni.net/cve/CVE-2019-1023
https://www.mageni.net/cve/CVE-2019-1024
https://www.mageni.net/cve/CVE-2019-1025
https://www.mageni.net/cve/CVE-2019-1026
https://www.mageni.net/cve/CVE-2019-1027
https://www.mageni.net/cve/CVE-2019-1028
https://www.mageni.net/cve/CVE-2019-1038
https://www.mageni.net/cve/CVE-2019-1039
https://www.mageni.net/cve/CVE-2019-1040
https://www.mageni.net/cve/CVE-2019-1041
https://www.mageni.net/cve/CVE-2019-1043
https://www.mageni.net/cve/CVE-2019-1046
https://www.mageni.net/cve/CVE-2019-1050
https://www.mageni.net/cve/CVE-2019-1051
https://www.mageni.net/cve/CVE-2019-1052
https://www.mageni.net/cve/CVE-2019-1053
https://www.mageni.net/cve/CVE-2019-1054
https://www.mageni.net/cve/CVE-2019-1055
https://www.mageni.net/cve/CVE-2019-1064
https://www.mageni.net/cve/CVE-2019-1065
https://www.mageni.net/cve/CVE-2019-1069
https://www.mageni.net/cve/CVE-2019-1080
https://www.mageni.net/cve/CVE-2019-1081

References:

https://support.microsoft.com/en-us/help/4503293

Severity
High
CVSS Score
10.0
Published
2019-06-12
Modified
2019-06-12
Category
Windows : Microsoft Bulletins

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.