Microsoft Windows Multiple Vulnerabilities (KB4520011)

Published: 2019-10-09 04:43:33
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

This host is missing a critical security update according to Microsoft KB4520011

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - Speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling. - Microsoft Browsers does not properly parse HTTP content. - Chakra scripting engine improperly handles objects in memory in Microsoft Edge. - Windows Imaging API improperly handles objects in memory. - The 'umpo.dll' of the Power Service, improperly handles a Registry Restore Key function. - Windows Error Reporting manager improperly handles hard links. - Internet Explorer improperly accesses objects in memory. For more information about the vulnerabilities refer Reference links.

Successful exploitation will allow an attacker to run arbitrary code on the client machine, elevate privileges and read privileged data across trust boundaries, create a denial of service condition and conduct spoofing attack.

Affected Versions:
Windows 10 for x64-based Systems Windows 10 for 32-bit Systems

The vendor has released updates. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.