Microsoft Windows Server vulnerabilities

705 known vulnerabilities affecting microsoft/windows_server.

Total CVEs: 705
CISA KEV: 23 (actively exploited)
Public exploits: 36
Exploited in wild: 28
Severity breakdown: CRITICAL 27, HIGH 458, MEDIUM 216, LOW 4

Vulnerabilities

Page 30 of 36
CVE-2019-1086 | HIGH | CVSS 7.8 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088.
nvd
CVE-2019-0999 | HIGH | CVSS 7.8 | Versions: 2016; 2016 (Core installation); +1 more | 2019-07-15
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0865 | HIGH | CVSS 7.5 | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-07-15
A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures., aka 'SymCrypt Denial of Service Vulnerability
nvd
CVE-2019-0975 | MEDIUM | CVSS 6.3 | Versions: 2012 R2; 2012 R2 (Core installation); +5 more | 2019-07-15
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP address
nvd
CVE-2019-1091 | MEDIUM | CVSS 5.5 | CWE-200 | Versions: 2016; 2016 (Core installation); +3 more | 2019-07-15
An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.
nvd
CVE-2019-1108 | MEDIUM | CVSS 6.5 | Exploited | CWE-200 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.
nvd
CVE-2019-1094 | MEDIUM | CVSS 6.5 | CWE-200 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +6 more | 2019-07-15
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.
nvd
CVE-2019-0966 | MEDIUM | CVSS 6.8 | CWE-20 | Versions: 2016; 2016 (Core installation); +3 more | 2019-07-15
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
nvd
CVE-2019-1071 | MEDIUM | CVSS 5.5 | CWE-200 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.
nvd
CVE-2019-1096 | MEDIUM | CVSS 5.5 | CWE-200 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
nvd
CVE-2019-1074 | MEDIUM | CVSS 5.5 | CWE-59 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +7 more | 2019-07-15
An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scen
nvd
CVE-2019-1093 | MEDIUM | CVSS 5.5 | CWE-200 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.
nvd
CVE-2019-0708 | CRITICAL | CVSS 9.8 | KEV, PoC | CWE-416 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +6 more | 2019-05-16
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
nvd
CVE-2019-0725 | CRITICAL | CVSS 9.8 | CWE-787 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +10 more | 2019-05-16
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
nvd
CVE-2019-0885 | HIGH | CVSS 7.8 | CWE-20 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-05-16
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
nvd
CVE-2019-0892 | HIGH | CVSS 7.8 | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-05-16
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0734 | HIGH | CVSS 8.1 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-05-16
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege
nvd
CVE-2019-0931 | HIGH | CVSS 7.0 | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-05-16
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0863 | HIGH | CVSS 7.8 | KEV, PoC | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +10 more | 2019-05-16
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0881 | HIGH | CVSS 7.8 | PoC | CWE-522 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-05-16
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
nvd