Msrc Windows 10 Version 1709 vulnerabilities

CVE-2019-1316 [HIGH] Microsoft Windows Setup Elevation of Privilege Vulnerability Microsoft Windows Setup Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would fir

CVE-2019-1341 [HIGH] Windows Power Service Elevation of Privilege Vulnerability Windows Power Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. A

CVE-2019-1311 [HIGH] Windows Imaging API Remote Code Execution Vulnerability Windows Imaging API Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted .WIM f

CVE-2019-1342 [HIGH] Windows Error Reporting Manager Elevation of Privilege Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An a

CVE-2019-1319 [HIGH] Windows Error Reporting Elevation of Privilege Vulnerability Windows Error Reporting Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functional

CVE-2019-1345 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

CVE-2019-1060 [HIGH] MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. Howe

CVE-2019-1344 [MEDIUM] Windows Code Integrity Module Information Disclosure Vulnerability Windows Code Integrity Module Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected sys

CVE-2019-1325 [MEDIUM] Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a denial of

CVE-2019-1166 [MEDIUM] Windows NTLM Tampering Vulnerability Windows NTLM Tampering Vulnerability Description: A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker

CVE-2019-1343 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1317 [HIGH] Microsoft Windows Denial of Service Vulnerability Microsoft Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would allow an attacker to ove

CVE-2019-1334 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

CVE-2019-1346 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1347 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1232 [HIGH] Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could e

CVE-2019-1271 [HIGH] Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could

CVE-2019-1235 [HIGH] Windows Text Service Framework Elevation of Privilege Vulnerability Windows Text Service Framework Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This

CVE-2019-1241 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v

CVE-2019-1280 [HIGH] LNK Remote Code Execution Vulnerability LNK Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative