CVE-2019-1469
published 2019-12-10CVE-2019-1469: An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
Affected
60 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
GHSA
GHSA-5h6m-fg6x-4p4v: An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vu
ghsa_unreviewed·2022-05-24
CVE-2019-1469 [MEDIUM] CWE-200 GHSA-5h6m-fg6x-4p4v: An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vu
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
Microsoft
Win32k Information Disclosure Vulnerability
vendor_msrc·2019-12-10·CVSS 5.5
CVE-2019-1469 [MEDIUM] Win32k Information Disclosure Vulnerability
Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how win32k handles objects in memory.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel sp
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight b
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight below.
CVE-2019-1468 is a remote code execution vulnerability in the Windows font libr
Zscaler
Zscaler found a New Security Vulnerabilities | 12-10-2019
blogs_zscaler·CVSS 5.5
[MEDIUM] Zscaler found a New Security Vulnerabilities | 12-10-2019
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2019-12-10
Published