Microsoft Windows 7 Service Pack 1 vulnerabilities

CVE-2019-0943 [HIGH] CVE-2019-0943: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Loc An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

CVE-2019-0908 [HIGH] CVE-2019-0908: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1028 [HIGH] CVE-2019-1028: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited th An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. Howe

CVE-2019-0904 [HIGH] CVE-2019-0904: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-0984 [HIGH] CVE-2019-0984: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted appli

CVE-2019-0888 [HIGH] CVE-2019-0888: A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objec A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The secu

CVE-2019-0985 [HIGH] CWE-787 CVE-2019-0985: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially

CVE-2019-1017 [HIGH] CVE-2019-1017: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vul

CVE-2019-0973 [HIGH] CWE-20 CVE-2019-0973: An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer f An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new

CVE-2019-1045 [HIGH] CVE-2019-1045: An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addres

CVE-2019-0905 [HIGH] CVE-2019-0905: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-0909 [HIGH] CVE-2019-0909: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1019 [HIGH] CWE-200 CVE-2019-1019: A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the sessio A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue

CVE-2019-0974 [HIGH] CVE-2019-0974: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1010 [MEDIUM] CWE-200 CVE-2019-1010: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to op

CVE-2019-0972 [MEDIUM] CVE-2019-0972: This security update corrects a denial of service in the Local Security Authority Subsystem Service This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic rebo

CVE-2019-1013 [MEDIUM] CWE-200 CVE-2019-1013: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to op

CVE-2019-0713 [MEDIUM] CWE-20 CVE-2019-0713: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly v A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that cau

CVE-2019-0941 [MEDIUM] CWE-19 CVE-2019-0941: A denial of service exists in Microsoft IIS Server when the optional request filtering feature impro A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted req

CVE-2019-0968 [MEDIUM] CVE-2019-0968: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a spe