Msrc Windows 10 Version 1709 vulnerabilities

CVE-2019-1246 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v

CVE-2019-1244 [MEDIUM] DirectWrite Information Disclosure Vulnerability DirectWrite Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted doc

CVE-2019-1270 [MEDIUM] Microsoft Windows Store Installer Elevation of Privilege Vulnerability Microsoft Windows Store Installer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. To exploit this vulnerability, an attacker would first have to lo

CVE-2019-1219 [MEDIUM] Windows Transaction Manager Information Disclosure Vulnerability Windows Transaction Manager Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. To exploit the vulnerability, an attacker would first have to log on to the system, an

CVE-2019-1293 [MEDIUM] Windows SMB Client Driver Information Disclosure Vulnerability Windows SMB Client Driver Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attacker would have to log on to the system

CVE-2019-1286 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a special

CVE-2019-1272 [HIGH] Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system.

CVE-2019-1268 [HIGH] Winlogon Elevation of Privilege Vulnerability Winlogon Elevation of Privilege Vulnerability Description: An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the

CVE-2019-1282 [MEDIUM] Windows Common Log File System Driver Information Disclosure Vulnerability Windows Common Log File System Driver Information Disclosure Vulnerability Description: An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. To exploit the vulnerability, an attacker would first have to

CVE-2019-1245 [MEDIUM] DirectWrite Information Disclosure Vulnerability DirectWrite Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted doc

CVE-2019-1252 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a special

CVE-2019-1269 [HIGH] Windows ALPC Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user ri

CVE-2019-1274 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted app

CVE-2019-9506 [HIGH] Encryption Key Negotiation of Bluetooth Vulnerability Encryption Key Negotiation of Bluetooth Vulnerability Description: Executive Summary Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 by

CVE-2019-1181 [CRITICAL] Remote Desktop Services Remote Code Execution Vulnerability Remote Desktop Services Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this

CVE-2019-1212 [CRITICAL] Windows DHCP Server Denial of Service Vulnerability Windows DHCP Server Denial of Service Vulnerability Description: A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP ser

CVE-2019-0736 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The secu

CVE-2019-1182 [CRITICAL] Remote Desktop Services Remote Code Execution Vulnerability Remote Desktop Services Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this

CVE-2019-9513 [HIGH] HTTP/2 Server Denial of Service Vulnerability HTTP/2 Server Denial of Service Vulnerability Description: A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a sp

CVE-2019-1150 [HIGH] Microsoft Graphics Remote Code Execution Vulnerability Microsoft Graphics Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos