Microsoft Windows Multiple Vulnerabilities (KB4517389)

Published: 2019-10-09 04:43:33
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

This host is missing a critical security update according to Microsoft KB4517389

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. - Chakra scripting engine improperly handles objects in memory in Microsoft Edge. - A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non Extended Master Secret (EMS) sessions. - Microsoft Windows Update Client does not properly handle privileges. - Windows Error Reporting manager improperly handles process crashes. - Microsoft Browsers does not properly parse HTTP content. - Scripting engine handles objects in memory in Internet Explorer. For more information about the vulnerabilities refer Reference links.

Successful exploitation will allow an attacker to run arbitrary code on the client machine, bypass security restrictions, elevate privileges and read privileged data across trust boundaries, create a denial of service condition and conduct spoofing attack.

Affected Versions:
Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems

The vendor has released updates. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.