Msrc Windows Rt 8.1 vulnerabilities

CVE-2019-1319 [HIGH] Windows Error Reporting Elevation of Privilege Vulnerability Windows Error Reporting Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functional

CVE-2019-1060 [HIGH] MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. Howe

CVE-2019-1344 [MEDIUM] Windows Code Integrity Module Information Disclosure Vulnerability Windows Code Integrity Module Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected sys

CVE-2019-1325 [MEDIUM] Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a denial of

CVE-2019-1166 [MEDIUM] Windows NTLM Tampering Vulnerability Windows NTLM Tampering Vulnerability Description: A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker

CVE-2019-1343 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1334 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

CVE-2019-1346 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1347 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2019-1271 [HIGH] Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could

CVE-2019-1235 [HIGH] Windows Text Service Framework Elevation of Privilege Vulnerability Windows Text Service Framework Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This

CVE-2019-1241 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v

CVE-2019-1280 [HIGH] LNK Remote Code Execution Vulnerability LNK Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative

CVE-2019-1291 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts

CVE-2019-1242 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v

CVE-2019-1287 [HIGH] Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a sp

CVE-2019-1214 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to th

CVE-2019-1215 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensu

CVE-2019-0788 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts

CVE-2019-1243 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v