Microsoft Windows 10 Version 1809 vulnerabilities

CVE-2019-1180 [HIGH] CVE-2019-1180: An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in mem An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability b

CVE-2019-1174 [HIGH] CWE-1257 CVE-2019-1174: An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles obj An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses

CVE-2019-1176 [HIGH] CVE-2019-1176: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would

CVE-2019-1156 [HIGH] CVE-2019-1156: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1178 [HIGH] CVE-2019-1178: An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in me An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability

CVE-2019-1190 [HIGH] CVE-2019-1190: An elevation of privilege vulnerability exists in the way that the Windows kernel image handles obje An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulne

CVE-2019-1159 [HIGH] CVE-2019-1159: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a

CVE-2019-1150 [HIGH] CWE-787 CVE-2019-1150: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1164 [HIGH] CWE-1260 CVE-2019-1164: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2019-1057 [HIGH] CWE-611 CVE-2019-1057: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML thr

CVE-2019-1186 [HIGH] CVE-2019-1186: An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in mem An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability b

CVE-2019-1173 [HIGH] CVE-2019-1173: An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles obj An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vuln

CVE-2019-1168 [HIGH] CVE-2019-1168: An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploite An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take co

CVE-2019-1144 [HIGH] CWE-415 CVE-2019-1144: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1147 [HIGH] CVE-2019-1147: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1225 [HIGH] CWE-200 CVE-2019-1225: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially

CVE-2019-1188 [HIGH] CWE-59 CVE-2019-1188: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execu A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who

CVE-2019-1223 [HIGH] CVE-2019-1223: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a speci

CVE-2019-1151 [HIGH] CWE-787 CVE-2019-1151: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1179 [HIGH] CVE-2019-1179: An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in m An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability