Msrc Windows Server Version 1803 vulnerabilities

CVE-2019-1171 [MEDIUM] SymCrypt Information Disclosure Vulnerability SymCrypt Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not

CVE-2019-0715 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest o

CVE-2019-0785 [CRITICAL] Windows DHCP Server Remote Code Execution Vulnerability Windows DHCP Server Remote Code Execution Vulnerability Description: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability,

CVE-2019-1102 [HIGH] GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are conf

CVE-2019-1067 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2019-1129 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the s

CVE-2019-1122 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-1090 [HIGH] Windows dnsrslvr.dll Elevation of Privilege Vulnerability Windows dnsrslvr.dll Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the

CVE-2019-1123 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-1124 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-1130 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the s

CVE-2019-1118 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-0880 [HIGH] Microsoft splwow64 Elevation of Privilege Vulnerability Microsoft splwow64 Elevation of Privilege Vulnerability Description: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be

CVE-2019-1127 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-1121 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-1117 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t

CVE-2019-0811 [HIGH] Windows DNS Server Denial of Service Vulnerability Windows DNS Server Denial of Service Vulnerability Description: A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. To exploit the vulnerability, an unauthenticated attacker could send malicious DNS queries to an affected server, resulting in a denial

CVE-2019-1087 [HIGH] Windows Audio Service Elevation of Privilege Vulnerability Windows Audio Service Elevation of Privilege Vulnerability Description: An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code

CVE-2019-0865 [HIGH] SymCrypt Denial of Service Vulnerability SymCrypt Denial of Service Vulnerability Description: A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Imp

CVE-2019-1128 [HIGH] DirectWrite Remote Code Execution Vulnerability DirectWrite Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit t