Microsoft Windows Multiple Vulnerabilities (KB4512508)

Published: 2019-08-14 03:56:41
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is missing a critical security update according to Microsoft KB4512508

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. - Windows improperly handles objects in memory. - Windows GDI component improperly discloses the contents of its memory. - Windows font library improperly handles specially crafted embedded fonts. - Windows improperly handles calls to Advanced Local Procedure Call (ALPC). - Windows Jet Database Engine improperly handles objects in memory. - The Chakra scripting engine handles objects in memory in Microsoft Edge. - Windows RDP server improperly discloses the contents of its memory. - Windows kernel fails to properly handle objects in memory.

Impact:
Successful exploitation will allow an attacker to run arbitrary code in the security context of the local system, cause the host server to crash, elevate permissions and obtain information to further compromise the user's system.

Affected Versions:
Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems

Recommendations:
The vendor has released updates. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Executable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-0714
https://nvd.nist.gov/vuln/detail/CVE-2019-0715
https://nvd.nist.gov/vuln/detail/CVE-2019-1164
https://nvd.nist.gov/vuln/detail/CVE-2019-1168
https://nvd.nist.gov/vuln/detail/CVE-2019-1170
https://nvd.nist.gov/vuln/detail/CVE-2019-1171
https://nvd.nist.gov/vuln/detail/CVE-2019-1172
https://nvd.nist.gov/vuln/detail/CVE-2019-0716
https://nvd.nist.gov/vuln/detail/CVE-2019-0717
https://nvd.nist.gov/vuln/detail/CVE-2019-0718
https://nvd.nist.gov/vuln/detail/CVE-2019-0723
https://nvd.nist.gov/vuln/detail/CVE-2019-1173
https://nvd.nist.gov/vuln/detail/CVE-2019-1174
https://nvd.nist.gov/vuln/detail/CVE-2019-1175
https://nvd.nist.gov/vuln/detail/CVE-2019-1176
https://nvd.nist.gov/vuln/detail/CVE-2019-1177
https://nvd.nist.gov/vuln/detail/CVE-2019-0965
https://nvd.nist.gov/vuln/detail/CVE-2019-1030
https://nvd.nist.gov/vuln/detail/CVE-2019-1057
https://nvd.nist.gov/vuln/detail/CVE-2019-1178
https://nvd.nist.gov/vuln/detail/CVE-2019-1179
https://nvd.nist.gov/vuln/detail/CVE-2019-1180
https://nvd.nist.gov/vuln/detail/CVE-2019-1078
https://nvd.nist.gov/vuln/detail/CVE-2019-1131
https://nvd.nist.gov/vuln/detail/CVE-2019-1133
https://nvd.nist.gov/vuln/detail/CVE-2019-1139
https://nvd.nist.gov/vuln/detail/CVE-2019-1181
https://nvd.nist.gov/vuln/detail/CVE-2019-1182
https://nvd.nist.gov/vuln/detail/CVE-2019-1183
https://nvd.nist.gov/vuln/detail/CVE-2019-1184
https://nvd.nist.gov/vuln/detail/CVE-2019-1145
https://nvd.nist.gov/vuln/detail/CVE-2019-1146
https://nvd.nist.gov/vuln/detail/CVE-2019-1192
https://nvd.nist.gov/vuln/detail/CVE-2019-1193
https://nvd.nist.gov/vuln/detail/CVE-2019-1147
https://nvd.nist.gov/vuln/detail/CVE-2019-1148
https://nvd.nist.gov/vuln/detail/CVE-2019-1149
https://nvd.nist.gov/vuln/detail/CVE-2019-1194
https://nvd.nist.gov/vuln/detail/CVE-2019-1195
https://nvd.nist.gov/vuln/detail/CVE-2019-1196
https://nvd.nist.gov/vuln/detail/CVE-2019-1197
https://nvd.nist.gov/vuln/detail/CVE-2019-1198
https://nvd.nist.gov/vuln/detail/CVE-2019-1150
https://nvd.nist.gov/vuln/detail/CVE-2019-1151
https://nvd.nist.gov/vuln/detail/CVE-2019-1206
https://nvd.nist.gov/vuln/detail/CVE-2019-1212
https://nvd.nist.gov/vuln/detail/CVE-2019-1222
https://nvd.nist.gov/vuln/detail/CVE-2019-1223
https://nvd.nist.gov/vuln/detail/CVE-2019-1152
https://nvd.nist.gov/vuln/detail/CVE-2019-1153
https://nvd.nist.gov/vuln/detail/CVE-2019-1224
https://nvd.nist.gov/vuln/detail/CVE-2019-1225
https://nvd.nist.gov/vuln/detail/CVE-2019-1226
https://nvd.nist.gov/vuln/detail/CVE-2019-1227
https://nvd.nist.gov/vuln/detail/CVE-2019-9506
https://nvd.nist.gov/vuln/detail/CVE-2019-1155
https://nvd.nist.gov/vuln/detail/CVE-2019-1156
https://nvd.nist.gov/vuln/detail/CVE-2019-9511
https://nvd.nist.gov/vuln/detail/CVE-2019-9512
https://nvd.nist.gov/vuln/detail/CVE-2019-9513
https://nvd.nist.gov/vuln/detail/CVE-2019-9514
https://nvd.nist.gov/vuln/detail/CVE-2019-9518
https://nvd.nist.gov/vuln/detail/CVE-2019-1157
https://nvd.nist.gov/vuln/detail/CVE-2019-1158
https://nvd.nist.gov/vuln/detail/CVE-2019-1159
https://nvd.nist.gov/vuln/detail/CVE-2019-1162
https://nvd.nist.gov/vuln/detail/CVE-2019-1163
https://nvd.nist.gov/vuln/detail/CVE-2019-1140
https://nvd.nist.gov/vuln/detail/CVE-2019-1141
https://nvd.nist.gov/vuln/detail/CVE-2019-1143
https://nvd.nist.gov/vuln/detail/CVE-2019-1144
https://nvd.nist.gov/vuln/detail/CVE-2019-1185
https://nvd.nist.gov/vuln/detail/CVE-2019-1186
https://nvd.nist.gov/vuln/detail/CVE-2019-1187
https://nvd.nist.gov/vuln/detail/CVE-2019-1188
https://nvd.nist.gov/vuln/detail/CVE-2019-1190

CVE Analysis

https://www.mageni.net/cve/CVE-2019-0714
https://www.mageni.net/cve/CVE-2019-0715
https://www.mageni.net/cve/CVE-2019-1164
https://www.mageni.net/cve/CVE-2019-1168
https://www.mageni.net/cve/CVE-2019-1170
https://www.mageni.net/cve/CVE-2019-1171
https://www.mageni.net/cve/CVE-2019-1172
https://www.mageni.net/cve/CVE-2019-0716
https://www.mageni.net/cve/CVE-2019-0717
https://www.mageni.net/cve/CVE-2019-0718
https://www.mageni.net/cve/CVE-2019-0723
https://www.mageni.net/cve/CVE-2019-1173
https://www.mageni.net/cve/CVE-2019-1174
https://www.mageni.net/cve/CVE-2019-1175
https://www.mageni.net/cve/CVE-2019-1176
https://www.mageni.net/cve/CVE-2019-1177
https://www.mageni.net/cve/CVE-2019-0965
https://www.mageni.net/cve/CVE-2019-1030
https://www.mageni.net/cve/CVE-2019-1057
https://www.mageni.net/cve/CVE-2019-1178
https://www.mageni.net/cve/CVE-2019-1179
https://www.mageni.net/cve/CVE-2019-1180
https://www.mageni.net/cve/CVE-2019-1078
https://www.mageni.net/cve/CVE-2019-1131
https://www.mageni.net/cve/CVE-2019-1133
https://www.mageni.net/cve/CVE-2019-1139
https://www.mageni.net/cve/CVE-2019-1181
https://www.mageni.net/cve/CVE-2019-1182
https://www.mageni.net/cve/CVE-2019-1183
https://www.mageni.net/cve/CVE-2019-1184
https://www.mageni.net/cve/CVE-2019-1145
https://www.mageni.net/cve/CVE-2019-1146
https://www.mageni.net/cve/CVE-2019-1192
https://www.mageni.net/cve/CVE-2019-1193
https://www.mageni.net/cve/CVE-2019-1147
https://www.mageni.net/cve/CVE-2019-1148
https://www.mageni.net/cve/CVE-2019-1149
https://www.mageni.net/cve/CVE-2019-1194
https://www.mageni.net/cve/CVE-2019-1195
https://www.mageni.net/cve/CVE-2019-1196
https://www.mageni.net/cve/CVE-2019-1197
https://www.mageni.net/cve/CVE-2019-1198
https://www.mageni.net/cve/CVE-2019-1150
https://www.mageni.net/cve/CVE-2019-1151
https://www.mageni.net/cve/CVE-2019-1206
https://www.mageni.net/cve/CVE-2019-1212
https://www.mageni.net/cve/CVE-2019-1222
https://www.mageni.net/cve/CVE-2019-1223
https://www.mageni.net/cve/CVE-2019-1152
https://www.mageni.net/cve/CVE-2019-1153
https://www.mageni.net/cve/CVE-2019-1224
https://www.mageni.net/cve/CVE-2019-1225
https://www.mageni.net/cve/CVE-2019-1226
https://www.mageni.net/cve/CVE-2019-1227
https://www.mageni.net/cve/CVE-2019-9506
https://www.mageni.net/cve/CVE-2019-1155
https://www.mageni.net/cve/CVE-2019-1156
https://www.mageni.net/cve/CVE-2019-9511
https://www.mageni.net/cve/CVE-2019-9512
https://www.mageni.net/cve/CVE-2019-9513
https://www.mageni.net/cve/CVE-2019-9514
https://www.mageni.net/cve/CVE-2019-9518
https://www.mageni.net/cve/CVE-2019-1157
https://www.mageni.net/cve/CVE-2019-1158
https://www.mageni.net/cve/CVE-2019-1159
https://www.mageni.net/cve/CVE-2019-1162
https://www.mageni.net/cve/CVE-2019-1163
https://www.mageni.net/cve/CVE-2019-1140
https://www.mageni.net/cve/CVE-2019-1141
https://www.mageni.net/cve/CVE-2019-1143
https://www.mageni.net/cve/CVE-2019-1144
https://www.mageni.net/cve/CVE-2019-1185
https://www.mageni.net/cve/CVE-2019-1186
https://www.mageni.net/cve/CVE-2019-1187
https://www.mageni.net/cve/CVE-2019-1188
https://www.mageni.net/cve/CVE-2019-1190

References:

https://support.microsoft.com/en-us/help/4512508

Severity
High
CVSS Score
10.0
Published
2019-08-14
Modified
2019-08-14
Category
Windows : Microsoft Bulletins

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.