Microsoft Windows 10 vulnerabilities

CVE-2019-1225 [HIGH] CWE-200 CVE-2019-1225: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially

CVE-2019-1188 [HIGH] CWE-59 CVE-2019-1188: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execu A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who

CVE-2019-1223 [HIGH] CVE-2019-1223: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a speci

CVE-2019-1151 [HIGH] CWE-787 CVE-2019-1151: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1179 [HIGH] CVE-2019-1179: An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in m An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability

CVE-2019-1152 [HIGH] CWE-787 CVE-2019-1152: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1145 [HIGH] CWE-119 CVE-2019-1145: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1185 [HIGH] CWE-121 CVE-2019-1185: An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Li An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnera

CVE-2019-1177 [HIGH] CWE-269 CVE-2019-1177: An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memo An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerab

CVE-2019-1162 [HIGH] CWE-269 CVE-2019-1162: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Loc An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with fu

CVE-2019-1183 [HIGH] CVE-2019-1183: This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by th This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required.

CVE-2019-1155 [HIGH] CVE-2019-1155: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1149 [HIGH] CWE-787 CVE-2019-1149: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1157 [HIGH] CWE-94 CVE-2019-1157: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vuln

CVE-2019-1224 [HIGH] CWE-200 CVE-2019-1224: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially

CVE-2019-1146 [HIGH] CVE-2019-1146: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-0718 [MEDIUM] CWE-20 CVE-2019-0718: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account

CVE-2019-1158 [MEDIUM] CWE-200 CVE-2019-1158: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open

CVE-2019-1078 [MEDIUM] CWE-200 CVE-2019-1078: An information disclosure vulnerability exists when the Windows Graphics component improperly handle An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The u

CVE-2019-0723 [MEDIUM] CWE-20 CVE-2019-0723: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account