Microsoft Windows 10 vulnerabilities

2,804 known vulnerabilities affecting microsoft/windows_10.

Total CVEs: 2,804
CISA KEV: 7 (actively exploited)
Public exploits: 216
Exploited in wild: 26
Severity breakdown: CRITICAL 68, HIGH 1907, MEDIUM 802, LOW 27

Vulnerabilities

CVE-2019-1187 | MEDIUM | CVSS 5.5 | v1607, v1703 +4 more | 2019-08-14
CWE-611: A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application
nvd
CVE-2019-0716 | MEDIUM | CVSS 5.8 | v1607, v1703 +4 more | 2019-08-14
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an
nvd
CVE-2019-0715 | MEDIUM | CVSS 5.8 | v1607, v1703 +4 more | 2019-08-14
CWE-20: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account
nvd
CVE-2019-0717 | MEDIUM | CVSS 5.8 | v1809, v1903 | 2019-08-14
CWE-20: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account
nvd
CVE-2019-1227 | MEDIUM | CVSS 5.5 | v1803, v1809 +1 more | 2019-08-14
CWE-200: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted applic
nvd
CVE-2019-1184 | MEDIUM | CVSS 6.7 | PoC | v1803, v1809 +1 more | 2019-08-14
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An
nvd
CVE-2019-1171 | MEDIUM | CVSS 5.6 | v1607, v1703 +4 more | 2019-08-14
CWE-200: An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulne
nvd
CVE-2019-1143 | MEDIUM | CVSS 5.5 | v1607, v1703 +4 more | 2019-08-14
CWE-200: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open
nvd
CVE-2019-0714 | MEDIUM | CVSS 5.8 | v1607, v1703 +4 more | 2019-08-14
CWE-20: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account
nvd
CVE-2019-1172 | MEDIUM | CVSS 4.3 | v1607, v1703 +4 more | 2019-08-14
CWE-200: An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing t
nvd
CVE-2019-1163 | MEDIUM | CVSS 5.5 | v1607, v1703 +4 more | 2019-08-14
CWE-354: A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convi
nvd
CVE-2019-1153 | MEDIUM | CVSS 5.5 | PoC | v1607, v1703 +4 more | 2019-08-14
CWE-125: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a spe
nvd
CVE-2019-1148 | MEDIUM | CVSS 5.5 | PoC | v1607, v1703 +4 more | 2019-08-14
CWE-125: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a spe
nvd
CVE-2019-1198 | MEDIUM | CVSS 6.5 | v1607, v1703 +4 more | 2019-08-14
An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. Howev
nvd
CVE-2019-1127 | HIGH | CVSS 8.8 | PoC | v1709, v1803 +2 more | 2019-07-15
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
nvd
CVE-2019-1118 | HIGH | CVSS 8.8 | PoC | v1709, v1803 +2 more | 2019-07-15
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
nvd
CVE-2019-1121 | HIGH | CVSS 8.8 | PoC | v1709, v1803 +2 more | 2019-07-15
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
nvd
CVE-2019-1090 | HIGH | CVSS 7.8 | v1803, v1809 +1 more | 2019-07-15
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'.
nvd
CVE-2019-1123 | HIGH | CVSS 8.8 | PoC | v1709, v1803 +2 more | 2019-07-15
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
nvd
CVE-2019-1082 | HIGH | CVSS 7.8 | v1607 | 2019-07-15
An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., ak
nvd