Msrc Windows Server Version 1803 vulnerabilities

CVE-2019-0790 [HIGH] MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. Howe

CVE-2019-0814 [MEDIUM] Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security

CVE-2019-0688 [HIGH] Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to send specially crafted fragmented IP packets to a remote Wind

CVE-2019-0841 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the s

CVE-2019-0837 [MEDIUM] DirectX Information Disclosure Vulnerability DirectX Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correc

CVE-2019-0840 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

CVE-2019-0726 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The secu

CVE-2019-0697 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The secu

CVE-2019-0698 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The secu

CVE-2019-0696 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2019-0682 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2019-0603 [HIGH] Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could creat

CVE-2019-0797 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an

CVE-2019-0694 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2019-0692 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2019-0693 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2019-0689 [HIGH] Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2019-0701 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host ma

CVE-2019-0766 [HIGH] Microsoft Windows Elevation of Privilege Vulnerability Microsoft Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The

CVE-2019-0695 [MEDIUM] Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclos