cbcvebase.
CVE-2019-1337
published 2019-10-10

CVE-2019-1337: An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information…

PriorityP429medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EXPLOIT
EPSS
2.05%
78.9th percentile
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.

Affected

19 ranges
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_version_1903_for_32-bit_systems
microsoftwindows_10_version_1903_for_arm64-based_systems
microsoftwindows_10_version_1903_for_x64-based_systems
microsoftwindows_server
microsoftwindows_server
microsoftwindows_server_2016
msrcwindows_10_version_1809_for_32-bit_systems
msrcwindows_10_version_1809_for_arm64-based_systems
msrcwindows_10_version_1809_for_x64-based_systems
msrcwindows_10_version_1903_for_32-bit_systems
msrcwindows_10_version_1903_for_arm64-based_systems
msrcwindows_10_version_1903_for_x64-based_systems
msrcwindows_server_2019
msrcwindows_server_version_1903

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.