overview - nsfocus · overview microsoft released the january 2019 security patch on tuesday that...
TRANSCRIPT
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft's January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert
Overview
Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote
code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft
Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine,
Microsoft Windows, Microsoft XML, Servicing Stack Updates, Visual Studio, Windows COM, Windows DHCP Client, Windows Hyper-V,
Windows Kernel, and Windows Subsystem for Linux.
Details can be found in the following table.
Product CVE ID CVE Title Severity Level
.NET Framework CVE-2019-0545
.NET Framework
Information Disclosure
Vulnerability
Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Adobe Flash Player ADV190001 January 2019 Adobe Flash Update Unknown
Android App CVE-2019-0622 Skype for Android Privilege
Escalation Vulnerability Moderate
ASP.NET CVE-2019-0548 ASP.NET Core Denial-of-Service
Vulnerability Important
ASP.NET CVE-2019-0564 ASP.NET Core Denial-of-Service
Vulnerability Important
Internet Explorer CVE-2019-0541 MSHTML Engine Remote Code
Execution Vulnerability Important
Microsoft Edge CVE-2019-0565 Microsoft Edge Memory
Corruption Vulnerability Critical
Microsoft Edge CVE-2019-0566 Microsoft Edge Privilege
Escalation Vulnerability Important
Microsoft Exchange Server CVE-2019-0586 Microsoft Exchange Memory
Corruption Vulnerability Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft Exchange Server CVE-2019-0588
Microsoft Exchange
Information Disclosure
Vulnerability
Important
Microsoft JET Database Engine CVE-2019-0538 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0575 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0576 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0577 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0578 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0579 Jet Database Engine Remote Code
Execution Vulnerability Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft JET Database Engine CVE-2019-0580 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0581 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0582 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0583 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0584 Jet Database Engine Remote Code
Execution Vulnerability Important
Microsoft Office CVE-2019-0585 Microsoft Word Remote Code
Execution Vulnerability Important
Microsoft Office CVE-2019-0559
Microsoft Outlook
Information Disclosure
Vulnerability
Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft Office CVE-2019-0560
Microsoft Office
Information Disclosure
Vulnerability
Important
Microsoft Office CVE-2019-0561
Microsoft Word
Information Disclosure
Vulnerability
Important
Microsoft Office SharePoint CVE-2019-0556 Microsoft Office SharePoint XSS
Vulnerability Important
Microsoft Office SharePoint CVE-2019-0557 Microsoft Office SharePoint XSS
Vulnerability Important
Microsoft Office SharePoint CVE-2019-0558 Microsoft Office SharePoint XSS
Vulnerability Important
Microsoft Office SharePoint CVE-2019-0562 Microsoft SharePoint Privilege
Escalation Vulnerability Important
Microsoft Scripting Engine CVE-2019-0539 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft Scripting Engine CVE-2019-0567 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0568 Chakra Scripting Engine Memory
Corruption Vulnerability Critical
Microsoft Windows CVE-2019-0543 Microsoft Windows Privilege
Escalation Vulnerability Important
Microsoft Windows CVE-2019-0570 Windows Runtime Privilege
Escalation Vulnerability Important
Microsoft Windows CVE-2019-0571 Windows Data Sharing Service
Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0572 Windows Data Sharing Service
Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0573 Windows Data Sharing Service
Privilege Escalation Vulnerability Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Microsoft Windows CVE-2019-0574 Windows Data Sharing Service
Privilege Escalation Vulnerability Important
Microsoft XML CVE-2019-0555 Microsoft XmlDocument Privilege
Escalation Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Visual Studio CVE-2019-0537
Microsoft Visual Studio
Information Disclosure
Vulnerability
Important
Visual Studio CVE-2019-0546 Visual Studio Remote Code
Execution Vulnerability Moderate
Windows COM CVE-2019-0552 Windows COM Privilege
Escalation Vulnerability Important
Windows DHCP Client CVE-2019-0547 Windows DHCP Client Remote
Code Execution Vulnerability Critical
© NSFOCUS 2018 https://www.nsfocusglobal.com
Windows Hyper-V CVE-2019-0550 Windows Hyper-V Remote Code
Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0551 Windows Hyper-V Remote Code
Execution Vulnerability Critical
Windows Kernel CVE-2019-0536
Windows Kernel
Information Disclosure
Vulnerability
Important
Windows Kernel CVE-2019-0549
Windows Kernel
Information Disclosure
Vulnerability
Important
Windows Kernel CVE-2019-0554
Windows Kernel
Information Disclosure
Vulnerability
Important
Windows Kernel CVE-2019-0569
Windows Kernel
Information Disclosure
Vulnerability
Important
© NSFOCUS 2018 https://www.nsfocusglobal.com
Windows Subsystem for Linux CVE-2019-0553
Windows Subsystem for Linux
Information Disclosure
Vulnerability
Important
Recommended Mitigation Measure
Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.
Appendix
ADV190001 - January 2019 Adobe Flash Update
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
ADV190001
MITRE
NVD
CVE Title: January 2019 Adobe Flash Update
Description: Unknown Unknown
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
This update does not address any security vulnerabilities. For more information, please
see APSB19-01.
Note: Please disregard mentions of security or vulnerability in this advisory. These are
hardcoded titles that we were unable to change for this non-security Adobe Flash update.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV190001
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Adobe Flash Player on Windows Server 2012
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for 32-bit systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for x64-based
systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 R2
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows RT 8.1
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV190001
Adobe Flash Player on Windows 10 for 32-bit Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for x64-based
Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2016
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for 32-
bit Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for
x64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1703 for 32-
bit Systems
4480979
Update
4471331 Base: N/A
Temporal: Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV190001
N/A
Vector: N/A
Adobe Flash Player on Windows 10 Version 1703 for
x64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1709 for 32-
bit Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1709 for
x64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1803 for 32-
bit Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1803 for
x64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV190001
Adobe Flash Player on Windows 10 Version 1803 for
ARM64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1809 for 32-
bit Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1809 for
x64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1809 for
ARM64-based Systems
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2019
4480979
Update
4471331
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1709 for
ARM64-based Systems
4480979
Update
4471331 Base: N/A
Temporal: Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV190001
N/A
Vector: N/A
ADV990001 - Latest Servicing Stack Updates
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
ADV990001
MITRE
NVD
CVE Title: Latest Servicing Stack Updates
Description:
This is a list of the latest servicing stack updates for each operating sytem. This list will be
updated whenever a new servicing stack update is released. It is important to install the latest
servicing stack update.
FAQ:
1. Why are all of the Servicing Stack Updates (SSU) critical updates?
The SSUs are classified as Critical updates. This does not indicate that there is a critical
vulnerability being addressed in the update.
2. When was the most recent SSU released for each version of Microsoft Windows?
Critical Defense
in Depth
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Please refer to the following table for the most recent SSU release. We will update the entries
any time a new SSU is released:
Product SSU Package Date Released
Windows Server 2008 955430 May 2009
Windows 7/Server 2008 R2 3177467 October 2018
Windows Server 2012 3173426 July 2016
Windows 8.1/Server 2012 R2 3173424 July 2016
Windows 10 4093430 April 2018
Windows 10 Version 1607/Server 2016 4465659 November 2018
Windows 10 Version 1703 4486458 January 2019
Windows 10 1709/Windows Server, version 1709 4477136 December 2018
Windows 10 1803/Windows Server, version 1803 4477137 December 2018
Windows 10 1809/Server 2019 4470788 December 2018
Mitigations:
None
Workarounds:
None
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
Revision:
2.0 12/05/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows
Server 2019. See the FAQ section for more information.
1.0 11/13/2018 08:00:00
Information published.
1.1 11/14/2018 08:00:00
Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an
informational change only.
2.0 12/05/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows
Server 2019. See the FAQ section for more information.
4.0 01/08/2019 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ
section for more information.
1.2 12/03/2018 08:00:00
FAQs have been added to further explain Security Stack Updates. The FAQs include a table
that indicates the most recent SSU release for each Windows version. This is an informational
change only.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
3.1 12/11/2018 08:00:00
Updated supersedence information. This is an informational change only.
3.0 12/11/2018 08:00:00
A Servicing Stack Update has been released for Windows 10 Version 1709, Windows Server,
version 1709 (Server Core Installation), Windows 10 Version 1803, and Windows Server,
version 1803 (Server Core Installation). See the FAQ section for more information.
3.2 12/12/2018 08:00:00
Fixed a typo in the FAQ.
Affected Software
The following tables list the affected software details for the vulnerability.
ADV990001
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
Windows 7 for 32-bit Systems Service Pack 1
3177467 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 7 for x64-based Systems Service Pack
1
3177467 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based Systems
Service Pack 1 (Server Core installation)
3177467 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for Itanium-Based
Systems Service Pack 1
3177467 Service
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based Systems
Service Pack 1
3177467 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems Service
Pack 2 (Server Core installation)
955430 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal: Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
N/A
Vector: N/A
Windows Server 2012
3173426 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 (Server Core installation)
3173426 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for 32-bit systems
3173424 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 8.1 for x64-based systems
3173424 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2012 R2
3173424 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
Windows Server 2012 R2 (Server Core
installation)
3173424 Servicing
Stack Update
Critical Defense
in Depth
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 for 32-bit Systems
4093430 Servicing
Stack Update
Critical Defense
in Depth 4021701
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 for x64-based Systems
4093430 Servicing
Stack Update
Critical Defense
in Depth 4021701
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2016
4465659 Servicing
Stack Update
Critical Defense
in Depth 4132216
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1607 for 32-bit Systems
4465659 Servicing
Stack Update
Critical Defense
in Depth 4132216
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1607 for x64-based
Systems
4465659 Servicing
Stack Update
Critical Defense
in Depth 4132216
Base: N/A
Temporal: Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
N/A
Vector: N/A
Windows Server 2016 (Server Core installation)
4465659 Servicing
Stack Update
Critical Defense
in Depth 4132216
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1703 for 32-bit Systems
4486458 Servicing
Stack Update
Critical Defense
in Depth 4465660
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1703 for x64-based
Systems
4486458 Servicing
Stack Update
Critical Defense
in Depth 4465660
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for 32-bit Systems
4477136 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for x64-based
Systems
4477136 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
Windows Server, version 1709 (Server Core
Installation)
4477136 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for 32-bit Systems
4477137 Servicing
Stack Update
Critical Defense
in Depth 4465663
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based
Systems
4477137 Servicing
Stack Update
Critical Defense
in Depth 4465663
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server, version 1803 (Server Core
Installation)
4477137 Servicing
Stack Update
Critical Defense
in Depth 4465663
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1803 for ARM64-based
Systems
4477137 Servicing
Stack Update
Critical Defense
in Depth 4465663
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for 32-bit Systems
4470788 Servicing
Stack Update
Critical Defense
in Depth 4465664
Base: N/A
Temporal: Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
N/A
Vector: N/A
Windows 10 Version 1809 for x64-based
Systems
4470788 Servicing
Stack Update
Critical Defense
in Depth 4465664
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1809 for ARM64-based
Systems
4470788 Servicing
Stack Update
Critical Defense
in Depth 4465664
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2019
4470788 Servicing
Stack Update
Critical Defense
in Depth 4465664
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2019 (Server Core installation)
4470788 Servicing
Stack Update
Critical Defense
in Depth 4465664
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows 10 Version 1709 for ARM64-based
Systems
4477136 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
ADV990001
Windows Server 2008 for Itanium-Based
Systems Service Pack 2
955430 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems Service
Pack 2
955430 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2
955430 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems
Service Pack 2 (Server Core installation)
955430 Servicing
Stack Update
Critical Defense
in Depth 4465661
Base: N/A
Temporal:
N/A
Vector: N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0536
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain
information to further compromise the user's system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a
specially crafted application. The vulnerability would not allow an attacker to execute code or to
elevate user rights directly, but it could be used to obtain information that could be used to try to
further compromise the affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in
memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Important Information Disc
losure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0536
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
4480960
Security Important
Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Systems
Service
Pack 1
Only
4480970
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows 7
for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Core
installation)
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server
Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-
bit systems
4480964
Security
Only
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 for 32-
bit Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 for x64-
based
Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1607 for 32-
bit Systems
4480961
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Windows
10 Version
1607 for
x64-based
Systems
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server
Core
installation)
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for 32-
bit Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
4480978
Security Important
Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 Version
1709 for
x64-based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1709
(Server
Core
Installation)
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for 32-
bit Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
x64-based
Systems
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
Server,
version
1803
(Server
Core
Installation)
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for 32-
bit Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for
4480116
Security Important
Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
x64-based
Systems
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server
Core
installation)
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1709 for
ARM64-
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
based
Systems
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0536
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
CVE-2019-0537 - Microsoft Visual Studio Information Disclosure
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-
2019-
0537
CVE Title: Microsoft Visual Studio Information Disclosure Vulnerability
Description: Important
Information Disc
losure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
MITRE
NVD
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary
file contents if the victim opens a malicious .vscontent file. An attacker who took advantage of
this information disclosure could view arbitrary file contents from the computer where the victim
launched Visual Studio.
To take advantage of the vulnerability, an attacker would need to trick a user into opening a
malicious .vscontent file using a vulnerable version of Visual Studio. An attacker would have
no way to force a developer to produce this information disclosure.
The security update addresses the vulnerability by correcting how Visual Studio loads .vscontent
files.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is unauthorized file system access - reading from file system.
Mitigations:
None
Workarounds:
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0537
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Visual Studio 2010
Service Pack 1
4476698 Security
Update
Important Information Disclos
ure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2012
Update 5
4476755 Security
Update
Important Information Disclos
ure
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0538
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0538
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
Core
installation)
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for
Itanium-
Based
Systems
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Service Pack
1
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Rollup
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
x64-based
Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0538
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0539
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user to view
the website. The attacker could also take advantage of compromised websites and websites that
accept or host user-provided content or advertisements. These websites could contain specially
crafted content that could exploit the vulnerability.
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge on
Windows 10
for 32-bit
Systems
4480962
Security
Update
Critical
Remote
Code
Execution
4483228
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
for x64-
based
Systems
4480962
Security
Update
Critical
Remote
Code
Execution
4483228
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2016
4480961
Security
Update
Moderate
Remote
Code
Execution
4471321
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
4480961
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
1607 for 32-
bit Systems
Microsoft
Edge on
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Critical
Remote
Code
Execution
4471321
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
Microsoft
Edge on
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
1803 for
x64-based
Systems
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Microsoft
Edge on
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
x64-based
Systems
Microsoft
Edge on
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2019
4480116
Security
Update
Moderate
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0539
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4483232
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0541 - MSHTML Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0541
MITRE
NVD
CVE Title: MSHTML Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly
validates input.
An attacker could execute arbitrary code in the context of the current user. If the current user is
logged on with administrative user rights, an attacker who successfully exploited the
vulnerability could take control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted
file that is designed to exploit the vulnerability.
The security update addresses the vulnerability by modifying how MSHTML engine validates
input.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Microsoft
Excel
Viewer
2007
Service
Pack 3
2596760
Security
Update
Important
Remote
Code
Execution
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Internet
Explorer
9 on
Windows
Server
2008 for
32-bit
Systems
Service
Pack 2
4480965 IE
Cumulative
4480968
Monthly
Rollup
Low
Remote
Code
Execution
4471325
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
9 on
Windows
Server
4480965 IE
Cumulative
4480968
Monthly
Low
Remote
Code
Execution
4471325
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
2008 for
x64-based
Systems
Service
Pack 2
Rollup
Internet
Explorer
11 on
Windows
7 for 32-
bit
Systems
Service
Pack 1
4480970
Monthly
Rollup
4480965 IE
Cumulative
Important
Remote
Code
Execution
4483187
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
7 for x64-
based
Systems
Service
Pack 1
4480965 IE
Cumulative
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Internet
Explorer
11 on
Windows
Server
2008 R2
for x64-
based
Systems
Service
Pack 1
4480965 IE
Cumulative
4480970
Monthly
Rollup
Low
Remote
Code
Execution
4471318
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
32-bit
systems
4480963
Monthly
Rollup
4480965 IE
Cumulative
Important
Remote
Code
Execution
4483187
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
8.1 for
4480963
Monthly
Rollup
4480965 IE
Important
Remote
Code
Execution
4483187
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
x64-based
systems
Cumulative
Internet
Explorer
11 on
Windows
Server
2012 R2
4480963
Monthly
Rollup
4480965 IE
Cumulative
Low
Remote
Code
Execution
4483187
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10 for 32-
bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
4480962
Security Important
Remote
Code
Execution
4483228
Base: 7.5
Temporal: 6.7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Windows
10 for
x64-based
Systems
Update
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Internet
Explorer
11 on
Windows
Server
2016
4480961
Security
Update
Low
Remote
Code
Execution
4471321
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1607 for
32-bit
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.5
Temporal: 6.7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
10
Version
1607 for
x64-based
Systems
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Internet
Explorer
11 on
Windows
10
Version
1703 for
32-bit
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Internet
Explorer
11 on
Windows
10
Version
1709 for
32-bit
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Version
1803 for
32-bit
Systems
Internet
Explorer
11 on
Windows
10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Internet
Explorer
11 on
Windows
10
Version
1809 for
32-bit
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Version
1809 for
ARM64-
based
Systems
Internet
Explorer
11 on
Windows
Server
2019
4480116
Security
Update
Low
Remote
Code
Execution
4483235
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Internet
Explorer
11 on
Windows
10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.5
Temporal: 6.7
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Microsoft
Office
2010
Service
Pack 2
(32-bit
editions)
2553332
Security
Update
Important
Remote
Code
Execution
4483232
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office
2010
Service
Pack 2
(64-bit
editions)
2553332
Security
Update
Important
Remote
Code
Execution
4483232
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Internet
Explorer
10 on
Windows
Server
2012
4480975
Monthly
Rollup
4480965 IE
Cumulative
Low
Remote
Code
Execution
4483187
Base: 6.4
Temporal: 5.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Microsoft
Office
2013
3172522
Security Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Service
Pack 1
(32-bit
editions)
Update
Microsoft
Office
2013
Service
Pack 1
(64-bit
editions)
3172522
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office
2013 RT
Service
Pack 1
3172522
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office
2016 (32-
bit
edition)
4022162
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
Microsoft
Office
2016 (64-
bit
edition)
4022162
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft
Office
2019 for
32-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft
Office
2019 for
64-bit
editions
Click to
Run
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
No
Office
365
ProPlus
for 32-bit
Systems
Click to
Run
Security
Update
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
No
Office
365
ProPlus
Click to
Run
Security
Important
Remote
Code
Execution
4483187
Base: N/A
Temporal: N/A
Vector: N/A
No
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0541
for 64-bit
Systems
Update
Microsoft
Office
Word
Viewer
4462112
Security
Update
Important
Remote
Code
Execution
4092433
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0543 - Microsoft Windows Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0543
MITRE
NVD
CVE Title: Microsoft Windows Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Windows improperly handles
authentication requests. An attacker who successfully exploited this vulnerability could run
processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way Windows handles
authentication requests.
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0543
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows 7 for 32-bit
Systems Service Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Elevation
of Privilege 4471318
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 7 for x64-
based Systems Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Elevation
of Privilege 4471318
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
R2 for x64-based
Systems Service Pack 1
(Server Core
installation)
4480960
Security
Only
4480970
Monthly
Rollup
Important Elevation
of Privilege 4471318
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows Server 2008
R2 for Itanium-Based
Systems Service Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Elevation
of Privilege 4471318
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
R2 for x64-based
Systems Service Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Elevation
of Privilege 4471318
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
for 32-bit Systems
Service Pack 2 (Server
Core installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Elevation
of Privilege 4471325
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2012 4480972
Security Important
Elevation
of Privilege 4471330
Base: 7.8
Temporal: 7.8 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Only
4480975
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important Elevation
of Privilege 4471330
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important Elevation
of Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 8.1 for x64-
based systems
4480963
Monthly
Rollup
4480964
Important Elevation
of Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Security
Only
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important Elevation
of Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows RT 8.1
4480963
Monthly
Rollup
Important Elevation
of Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2012
R2 (Server Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important Elevation
of Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows 10 for 32-bit
Systems
4480962
Security
Update
Important Elevation
of Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security
Update
Important Elevation
of Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2016
4480961
Security
Update
Important Elevation
of Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit Systems
4480961
Security
Update
Important Elevation
of Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for x64-based
Systems
4480961
Security Important
Elevation
of Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server 2016
(Server Core
installation)
4480961
Security
Update
Important Elevation
of Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for 32-bit Systems
4480973
Security
Update
Important Elevation
of Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation
of Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit Systems
4480978
Security
Update
Important Elevation
of Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation
of Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security
Update
Important Elevation
of Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for 32-bit Systems
4480966
Security
Update
Important Elevation
of Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation
of Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security Important
Elevation
of Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1803 for ARM64-based
Systems
4480966
Security
Update
Important Elevation
of Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for 32-bit Systems
4480116
Security
Update
Important Elevation
of Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation
of Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-based
Systems
4480116
Security
Update
Important Elevation
of Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows Server 2019
4480116
Security
Update
Important Elevation
of Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2019
(Server Core
installation)
4480116
Security
Update
Important Elevation
of Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for ARM64-based
Systems
4480978
Security
Update
Important Elevation
of Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
for Itanium-Based
Systems Service Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Elevation
of Privilege 4471325
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0543
Windows Server 2008
for 32-bit Systems
Service Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Elevation
of Privilege 4471325
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
for x64-based Systems
Service Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Elevation
of Privilege 4471325
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server 2008
for x64-based Systems
Service Pack 2 (Server
Core installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Elevation
of Privilege 4471325
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545 - .NET Framework Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-0545
MITRE
NVD
CVE Title: .NET Framework Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists in .NET Framework and .NET
Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations.
An attacker who successfully exploited the vulnerability could retrieve content, that is
normally restricted, from a web application.
The security update addresses the vulnerability by enforcing CORS configuration to
prevent its bypass.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is search criteria.
Mitigations:
None
Important Information Disclo
sure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0545
Product KB Article Severity Impact Supersedence CVSS
Score Set
Restart
Required
Microsoft .NET Framework 4.5.2 on Windows 7 for
32-bit Systems Service Pack 1
4480059
Monthly
Rollup
4480076
Security
Important Information Di
sclosure
4471987,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Only
Microsoft .NET Framework 4.5.2 on Windows 7 for
x64-based Systems Service Pack 1
4480059
Monthly
Rollup
4480076
Security
Only
Important Information Di
sclosure
4471987,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
4480059
Monthly
Rollup
4480076
Security
Only
Important Information Di
sclosure
4471987,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2008 R2 for x64-based Systems Service Pack 1
4480059
Monthly
Rollup
4480076
Security
Only
Important Information Di
sclosure
4471987,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 4.5.2 on Windows Server
2012
4480075
Security
Only
4480058
Monthly
Rollup
Important Information Di
sclosure
4461988,
3142032, 2978042
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2012 (Server Core installation)
4480075
Security
Only
4480058
Monthly
Rollup
Important Information Di
sclosure
4461988,
3142032, 2978042
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for
32-bit systems
4480074
Security
Only
4480057
Monthly
Rollup
Important Information Di
sclosure
4461989,
3142030, 2978041
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for
x64-based systems
4480074
Security Important
Information Di
sclosure
4461989,
3142030, 2978041
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Only
4480057
Monthly
Rollup
N/A
Vector:
N/A
Microsoft .NET Framework 4.5.2 on Windows Server
2012 R2
4480074
Security
Only
4480057
Monthly
Rollup
Important Information Di
sclosure
4461989,
3142030, 2978041
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
4480057
Monthly
Rollup
Important Information Di
sclosure
4461989,
3142030, 2978041
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2012 R2 (Server Core installation)
4480074
Security
Only
4480057
Monthly
Important Information Di
sclosure
4461989,
3142030, 2978041
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Rollup
Microsoft .NET Framework 4.5.2 on Windows Server
2008 for 32-bit Systems Service Pack 2
4480076
Security
Only
4480059
Monthly
Rollup
Important Information Di
sclosure
4461990,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server
2008 for x64-based Systems Service Pack 2
4480076
Security
Only
4480059
Monthly
Rollup
Important Information Di
sclosure
4461990,
3142033, 2972107
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server
2008 for 32-bit Systems Service Pack 2
4480072
Security
Only
4480055
Monthly
Rollup
Important Information Di
sclosure 4471990, 3142037
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 4.6 on Windows Server
2008 for x64-based Systems Service Pack 2
4480072
Security
Only
4480055
Monthly
Rollup
Important Information Di
sclosure 4471990, 3142037
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows 10
Version 1803 for 32-bit Systems
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10
Version 1803 for x64-based Systems
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows Server,
version 1803 (Server Core Installation)
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 4.7.2 on Windows 10
Version 1803 for ARM64-based Systems
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10
Version 1809 for 32-bit Systems
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows 10
Version 1809 for x64-based Systems
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server
2019
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server
2019 (Server Core installation)
4480056
Monthly Important
Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Rollup
Vector:
N/A
Microsoft .NET Framework 4.6/4.6.1/4.6.2 on
Windows 10 for 32-bit Systems
4480962
Security
Update
Important Information Di
sclosure 4483228
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.6/4.6.1/4.6.2 on
Windows 10 for x64-based Systems
4480962
Security
Update
Important Information Di
sclosure 4483228
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit
Systems Service Pack 1
4480055
Monthly
Rollup
4480072
Security
Only
Important Information Di
sclosure 4471987, 3142037
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-
based Systems Service Pack 1
4480055
Monthly
Rollup
4480072
Important Information Di
sclosure 4471987, 3142037
Base: N/A
Temporal:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Security
Only
Vector:
N/A
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
4480055
Monthly
Rollup
4480072
Security
Only
Important Information Di
sclosure 4471987, 3142037
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2008 R2 for x64-based Systems Service Pack 1
4480055
Monthly
Rollup
4480072
Security
Only
Important Information Di
sclosure 4471987, 3142037
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012
4480070
Security
Only
4480051
Monthly
Important Information Di
sclosure 4471988
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Rollup
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 (Server Core installation)
4480070
Security
Only
4480051
Monthly
Rollup
Important Information Di
sclosure 4471988
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-
bit systems
4480071
Security
Only
4480054
Monthly
Rollup
Important Information Di
sclosure 4471989
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-
based systems
4480071
Security
Only
4480054
Monthly
Rollup
Important Information Di
sclosure 4471989
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 R2
4480071
Security
Only
4480054
Monthly
Rollup
Important Information Di
sclosure 4471989
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
4480054
Monthly
Rollup
Important Information Di
sclosure 4471989
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server
2012 R2 (Server Core installation)
4480071
Security
Only
4480054
Monthly
Rollup
Important Information Di
sclosure 4471989
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on
Windows Server 2016
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Vector:
N/A
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on
Windows 10 Version 1607 for 32-bit Systems
4480961
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on
Windows 10 Version 1607 for x64-based Systems
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on
Windows Server 2016 (Server Core installation)
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on
Windows 10 Version 1703 for 32-bit Systems
4480973
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on
Windows 10 Version 1703 for x64-based Systems
4480973
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows
10 Version 1709 for 32-bit Systems
4480978
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows
10 Version 1709 for x64-based Systems
4480978
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows
Server, version 1709 (Server Core Installation)
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows
10 Version 1709 for ARM64-based Systems
4480978
Security Important
Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Update
Vector:
N/A
.NET Core 2.1
Release
Notes
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
.NET Core 2.2
Release
Notes
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012
4480083
Security
Only
4480061
Monthly
Rollup
Important Information Di
sclosure 4471988, 3142025
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012 (Server Core installation)
4480083
Security
Only
4480061
Important Information Di
sclosure 4471988, 3142025
Base: N/A
Temporal:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Monthly
Rollup
Vector:
N/A
Microsoft .NET Framework 3.5 on Windows 8.1 for
32-bit systems
4480086
Security
Only
4480064
Monthly
Rollup
Important Information Di
sclosure 4467226; 4471983
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for
x64-based systems
4480086
Security
Only
4480064
Monthly
Rollup
Important Information Di
sclosure 4467226; 4471983
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2012 R2
4480086
Security
Only
4480064
Monthly
Important Information Di
sclosure 4467226; 4471983
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Rollup
Microsoft .NET Framework 3.5 on Windows Server
2012 R2 (Server Core installation)
4480086
Security
Only
4480064
Monthly
Rollup
Important Information Di
sclosure 4467226; 4471983
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10 for
32-bit Systems
4480962
Security
Update
Important Information Di
sclosure 4483228
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for
x64-based Systems
4480962
Security
Update
Important Information Di
sclosure 4483228
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server
2016
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Vector:
N/A
Microsoft .NET Framework 3.5 on Windows 10
Version 1607 for 32-bit Systems
4480961
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1607 for x64-based Systems
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server
2016 (Server Core installation)
4480961
Security
Update
Important Information Di
sclosure 4471321
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1703 for 32-bit Systems
4480973
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 3.5 on Windows 10
Version 1703 for x64-based Systems
4480973
Security
Update
Important Information Di
sclosure 4483229
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1709 for 32-bit Systems
4480978
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1709 for x64-based Systems
4480978
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server,
version 1709 (Server Core Installation)
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1803 for 32-bit Systems
4480966
Security Important
Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Update
Vector:
N/A
Microsoft .NET Framework 3.5 on Windows 10
Version 1803 for x64-based Systems
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server,
version 1803 (Server Core Installation)
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1803 for ARM64-based Systems
4480966
Security
Update
Important Information Di
sclosure 4483234
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10
Version 1809 for 32-bit Systems
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 3.5 on Windows 10
Version 1809 for x64-based Systems
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2019
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server
2019 (Server Core installation)
4480056
Monthly
Rollup
Important Information Di
sclosure 4470502
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10
Version 1709 for ARM64-based Systems
4480978
Security
Update
Important Information Di
sclosure 4483232
Base: N/A
Temporal:
N/A
Vector:
N/A
Yes
Microsoft .NET Framework 3.0 Service Pack 2 on
Windows Server 2008 for Itanium-Based Systems
Service Pack 2
4480084
Security
Only
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
4480062
Monthly
Rollup
Vector:
N/A
Microsoft .NET Framework 3.0 Service Pack 2 on
Windows Server 2008 for 32-bit Systems Service Pack
2
4480084
Security
Only
4480062
Monthly
Rollup
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on
Windows Server 2008 for x64-based Systems Service
Pack 2
4480084
Security
Only
4480062
Monthly
Rollup
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on
Windows Server 2008 for Itanium-Based Systems
Service Pack 2
4480084
Security
Only
4480062
Monthly
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Rollup
Microsoft .NET Framework 2.0 Service Pack 2 on
Windows Server 2008 for 32-bit Systems Service Pack
2
4480084
Security
Only
4480062
Monthly
Rollup
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on
Windows Server 2008 for x64-based Systems Service
Pack 2
4480084
Security
Only
4480062
Monthly
Rollup
Important Information Di
sclosure 4471990
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows 7 for
32-bit Systems Service Pack 1
4480085
Security
Only
4480063
Monthly
Rollup
Important Information Di
sclosure 4471987, 3142024
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Microsoft .NET Framework 3.5.1 on Windows 7 for
x64-based Systems Service Pack 1
4480085
Security
Only
4480063
Monthly
Rollup
Important Information Di
sclosure 4471987, 3142024
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server
2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
4480085
Security
Only
4480063
Monthly
Rollup
Important Information Di
sclosure 4471987, 3142024
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server
2008 R2 for Itanium-Based Systems Service Pack 1
4480085
Security
Only
4480063
Monthly
Rollup
Important Information Di
sclosure 4471987, 3142024
Base: N/A
Temporal:
N/A
Vector:
N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server
2008 R2 for x64-based Systems Service Pack 1
4480085
Security Important
Information Di
sclosure 4471987, 3142024
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0545
Only
4480063
Monthly
Rollup
N/A
Vector:
N/A
CVE-2019-0546 - Visual Studio Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0546
MITRE
NVD
CVE Title: Visual Studio Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Visual Studio when the C++ compiler
improperly handles specific combinations of C++ constructs. An attacker who successfully
exploited the vulnerability could run arbitrary code in the context of the current user. If the
current user is logged on with administrative user rights, an attacker could take control of the
affected system. An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with administrative user
rights.
Moderate Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Exploitation of the vulnerability requires that a user open a specially crafted file which was
compiled with an affected version of Visual Studio. In an email attack scenario, an attacker
could exploit the vulnerability by sending a specially crafted project, or resource file, to the user
and convince the user to open the file.
The security update addresses the vulnerability by correcting how the Visual Studio C++
compiler handles certain C++ constructs.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0546
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Visual Studio 2017
version 15.9
Release Notes Security
Update
Moderate Remote Code
Execution
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0547 - Windows DHCP Client Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0547
CVE Title: Windows DHCP Client Remote Code Execution Vulnerability
Description: Critical
Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
A memory corruption vulnerability exists in the Windows DHCP client when an attacker
sends specially crafted DHCP responses to a client. An attacker who successfully exploited
the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a
client.
The security update addresses the vulnerability by correcting how Windows DHCP clients
handle certain DHCP responses.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0547
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 9.8
Temporal: 8.8
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 9.8
Temporal: 8.8
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 9.8
Temporal: 8.8
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0547
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 9.8
Temporal: 8.8
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
CVE-2019-0548 - ASP.NET Core Denial of Service Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0548
MITRE
NVD
CVE Title: ASP.NET Core Denial of Service Vulnerability
Description:
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against
an ASP.NET Core web application. The vulnerability can be exploited remotely, without
authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted
requests to the .NET Core application.
Important Denial of
Service
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting how the ASP.NET Core web application
handles web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0548
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0548
ASP.NET Core 2.1 Release Notes Security Update
Important Denial of Service
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
ASP.NET Core 2.2 Release Notes Security Update
Important Denial of Service
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0549 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0549
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain
information to further compromise the user's system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a
specially crafted application. The vulnerability would not allow an attacker to execute code or to
elevate user rights directly, but it could be used to obtain information that could be used to try to
further compromise the affected system.
Important Information Disc
losure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting how the Windows kernel handles objects in
memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is Kernel memory read - unintentional read access to memory contents in kernel
space from a user mode process.
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0549
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
4480960
Security Important
Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
R2 for x64-
based
Systems
Service
Pack 1
(Server
Core
installation)
Only
4480970
Monthly
Rollup
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
(Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server
Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
8.1 for 32-
bit systems
4480964
Security
Only
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly Important
Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Rollup
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
Server 2012
R2 (Server
Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 for 32-
bit Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 for x64-
based
Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security Important
Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 Version
1607 for 32-
bit Systems
4480961
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1607 for
x64-based
Systems
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server
Core
installation)
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for 32-
bit Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
10 Version
1703 for
x64-based
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1709 for 32-
bit Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1709
(Server
Core
Installation)
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
10 Version
1803 for 32-
bit Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
x64-based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
10 Version
1809 for 32-
bit Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for
x64-based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security Important
Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
(Server
Core
installation)
Update
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0549
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0550 - Windows Hyper-V Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0550
MITRE
NVD
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to
properly validate input from an authenticated user on a guest operating system. To exploit the
vulnerability, an attacker could run a specially crafted application on a guest operating system
that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the
host operating system.
The security update addresses the vulnerability by correcting how Hyper-V validates guest
operating system user input.
FAQ:
None
Mitigations:
None
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0550
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0550
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0550
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server 2019
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551 - Windows Hyper-V Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0551
MITRE
NVD
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to
properly validate input from an authenticated user on a guest operating system. To exploit the
vulnerability, an attacker could run a specially crafted application on a guest operating system
that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the
host operating system.
The security update addresses the vulnerability by correcting how Hyper-V validates guest
operating system user input.
FAQ:
None
Mitigations:
None
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0551
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
Server 2016
4480961
Security
Update
Critical
Remote
Code
Execution
4471321
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Critical
Remote
Code
Execution
4471321
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Critical
Remote
Code
Execution
4471321
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1703 for
4480973
Security Critical
Remote
Code
Execution
4483229
Base: 7.6
Temporal: 6.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551
x64-based
Systems
Update
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server 2019
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0551
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 7.6
Temporal: 6.8
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC
:C
Yes
CVE-2019-0552 - Windows COM Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0552
MITRE
NVD
CVE Title: Windows COM Elevation of Privilege Vulnerability
Description:
An elevation of privilege exists in Windows COM Desktop Broker. An attacker who
successfully exploited the vulnerability could run arbitrary code with elevated privileges.
To exploit the vulnerability, an attacker could run a specially crafted application that could
exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run.
However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a
remote code execution vulnerability and another elevation of privilege) that could take advantage
of the elevated privileges when running.
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The update addresses the vulnerability by correcting how Windows COM Desktop Broker
processes interface requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 8.1
for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 8.1
for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Windows
Server 2016
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480973
Security Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
1703 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0552
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0553 - Windows Subsystem for Linux Information Disclosure
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0553
CVE Title: Windows Subsystem for Linux Information Disclosure Vulnerability
Description: Important
Information Discl
osure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
An information disclosure vulnerability exists when Windows Subsystem for Linux
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
A attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how Windows Subsystem for Linux
handles objects in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is Kernel memory read - unintentional read access to memory contents in kernel
space from a user mode process.
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0553
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
10 Version
1703 for 32-
bit Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0553
Windows
10 Version
1709 for 32-
bit Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1709
(Server
Core
Installation)
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for 32-
bit Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0553
Windows
10 Version
1803 for
x64-based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for 32-
bit Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0553
Windows
10 Version
1809 for
x64-based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server
Core
installation)
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
4480978
Security Important
Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0553
1709 for
ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
CVE-2019-0554 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0554
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain
information to further compromise the user's system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a
specially crafted application. The vulnerability would not allow an attacker to execute code or to
elevate user rights directly, but it could be used to obtain information that could be used to try to
further compromise the affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in
memory.
Important Information Disc
losure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is memory layout - the vulnerability allows an attacker to collect information that
facilitates predicting addressing of the memory.
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
(Server
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service
Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
4480957
Security
Only
4480968
Monthly
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Pack 2
(Server
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server
Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-
bit systems
4480964
Security
Only
4480963
Monthly
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Rollup
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
4480963
Monthly Important
Information
Disclosure 4471320
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
R2 (Server
Core
installation)
Rollup
4480964
Security
Only
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 for 32-
bit Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 for x64-
based
Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
4480961
Security Important
Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
1607 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
10 Version
1607 for
x64-based
Systems
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server
Core
installation)
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for 32-
bit Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1703 for
x64-based
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Windows
10 Version
1709 for 32-
bit Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1709 for
x64-based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1709
(Server
Core
Installation)
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for 32-
bit Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Windows
10 Version
1803 for
x64-based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server,
version
1803
(Server
Core
Installation)
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for 32-
bit Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Windows
10 Version
1809 for
x64-based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server
Core
installation)
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
10 Version
4480978
Security Important
Information
Disclosure 4483232
Base: 4.7
Temporal: 4.2 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
1709 for
ARM64-
based
Systems
Update
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Windows
Server 2008
for Itanium-
Based
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service
Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
4480957
Security
Only
4480968
Monthly
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0554
Service
Pack 2
Rollup
Windows
Server 2008
for x64-
based
Systems
Service
Pack 2
(Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 4.7
Temporal: 4.2
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/R
C:C
Yes
CVE-2019-0555 - Microsoft XmlDocument Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
CVE Title: Microsoft XmlDocument Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
0555
MITRE
NVD
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could
allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who
successfully exploited this vulnerability could gain elevated privileges and break out of the Edge
AppContainer sandbox.
The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could
be used in conjunction with one or more vulnerabilities (for example a remote code execution
vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated
privileges when running.
The security update addresses the vulnerability by modifying how the Microsoft XmlDocument
class enforces sandboxing.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0555
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Elevation
of
Privilege
4471330
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Elevation
of
Privilege
4471330
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows 8.1
for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 8.1
for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important
Elevation
of
Privilege
4471320
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows
Server 2016
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480973
Security Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
1703 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0555
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 7
Temporal: 6.3
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0556 - Microsoft Office SharePoint XSS Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0556
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not
properly sanitize a specially crafted web request to an affected SharePoint server. An
Important Spoofing
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
authenticated attacker could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run script in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the
victim's identity to take actions on the SharePoint site on behalf of the user, such as change
permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0556
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Enterprise Server 2013
Service Pack 1
4461596 Security
Update
Important Spoofing 4461558
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0557 - Microsoft Office SharePoint XSS Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0557
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not
properly sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
Important Spoofing
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run script in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the
victim's identity to take actions on the SharePoint site on behalf of the user, such as change
permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0557
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Enterprise Server
2016
4461598 Security
Update
Important Spoofing 4461541
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0558 - Microsoft Office SharePoint XSS Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0558
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not
properly sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
Important Spoofing
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run script in the security context of the current user. The attacks
could allow the attacker to read content that the attacker is not authorized to read, use the
victim's identity to take actions on the SharePoint site on behalf of the user, such as change
permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0558
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Business Productivity Servers 2010
Service Pack 2
4461624 Security
Update
Important Spoofing 4461465
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016
4461598 Security
Update
Important Spoofing 4461541
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2013
Service Pack 1
4461591 Security
Update
Important Spoofing 4461549
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019
4461634 Security
Update
Important Spoofing 4461548
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0559 - Microsoft Outlook Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0559
MITRE
NVD
CVE Title: Microsoft Outlook Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when Microsoft Outlook improperly handles
certain types of messages. An attacker who successfully exploited this vulnerability could
gather information about the victim.
An attacker could exploit this vulnerability by sending a specially crafted email to the victim.
The update addresses the vulnerability by correcting the way Microsoft Outlook handles
these types of messages.
FAQ:
What type of information could be disclosed by this vulnerability?
A victim could automatically download external content, which could disclose information to
an attacker.
Mitigations:
None
Important Information Discl
osure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0559
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Outlook 2013 RT Service
Pack 1
4461595 Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0559
Microsoft Outlook 2010 Service Pack
2 (32-bit editions)
4461623 Security
Update
Important Information Disclo
sure 4461576
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack
2 (64-bit editions)
4461623 Security
Update
Important Information Disclo
sure 4461576
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (32-bit
edition)
4461601 Security
Update
Important Information Disclo
sure 4461544
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (64-bit
edition)
4461601 Security
Update
Important Information Disclo
sure 4461544
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack
1 (32-bit editions)
4461595 Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack
1 (64-bit editions)
4461595 Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0559
N/A
Vector: N/A
Microsoft Office 2019 for 32-bit
editions
Click to Run Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit
editions
Click to Run Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run Security
Update
Important Information Disclo
sure 4461556
Base: N/A
Temporal:
N/A
Vector: N/A
No
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0560 - Microsoft Office Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0560
MITRE
NVD
CVE Title: Microsoft Office Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when Microsoft Office improperly discloses the
contents of its memory. An attacker who exploited the vulnerability could use the information
to compromise the user's computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince
the user to open it. An attacker must know the memory address location where the object was
created.
The update addresses the vulnerability by changing the way certain functions handle objects
in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is uninitialized memory.
Important Information Discl
osure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0560
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Office 2010 Service Pack 2
(32-bit editions)
4461614 Security
Update
Important Information Disclo
sure 4092483
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0560
Microsoft Office 2010 Service Pack 2
(64-bit editions)
4461614 Security
Update
Important Information Disclo
sure 4092483
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1
(32-bit editions)
4461537 Security
Update
Important Information Disclo
sure 4461445
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1
(64-bit editions)
4461537 Security
Update
Important Information Disclo
sure 4461445
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service
Pack 1
4461537 Security
Update
Important Information Disclo
sure 4461445
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition)
4461535 Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition)
4461535 Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0560
N/A
Vector: N/A
Microsoft Office 2019 for 32-bit
editions
Click to Run Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit
editions
Click to Run Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run Security
Update
Important Information Disclo
sure 4461437
Base: N/A
Temporal:
N/A
Vector: N/A
No
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0561 - Microsoft Word Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0561
MITRE
NVD
CVE Title: Microsoft Word Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when Microsoft Word macro buttons are used
improperly. An attacker who successfully exploited this vulnerability could read arbitrary
files from a targeted system.
To exploit the vulnerability, an attacker could craft a special document file and convince the
user to open it. An attacker must know the file location whose data they wish to exfiltrate.
The update addresses the vulnerability by changing the way certain Word functions handle
security warnings
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is unauthorized file system access - reading from file system.
Mitigations:
Important Information Discl
osure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0561
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Word 2010 Service Pack 2 (32-bit
editions)
4461625 Security
Update
Important Information Discl
osure 4461526
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0561
Microsoft Word 2010 Service Pack 2 (64-bit
editions)
4461625 Security
Update
Important Information Discl
osure 4461526
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-
bit editions)
4461617 Security
Update
Important Information Discl
osure 4461524
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-
bit editions)
4461617 Security
Update
Important Information Discl
osure 4461524
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit
editions)
4461594 Security
Update
Important Information Discl
osure 4461485
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit
editions)
4461594 Security
Update
Important Information Discl
osure 4461485
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1
4461594 Security
Update
Important Information Discl
osure 4461485
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0561
N/A
Vector: N/A
Microsoft Office Web Apps Server 2010
Service Pack 2
4461620 Security
Update
Important Information Discl
osure 2965312
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac
Release Notes
Security Update
Important Information Discl
osure 2965312
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Word 2016 (32-bit edition)
4461543 Security
Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition)
4461543 Security
Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions
Click to Run
Security Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
No
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0561
Microsoft Office 2019 for 64-bit editions
Click to Run
Security Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for Mac
Release Notes
Security Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run
Security Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run
Security Update
Important Information Discl
osure 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
No
Word Automation Services on Microsoft
SharePoint Server 2010 Service Pack 2
4461612 Security
Update
Important Information Discl
osure 4461520
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0562 - Microsoft SharePoint Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0562
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not
properly sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting
attacks on affected systems and run script in the security context of the current user. These
attacks could allow the attacker to read content that the attacker is not authorized to read, use the
victim's identity to take actions on the SharePoint site on behalf of the user, such as change
permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server
properly sanitizes web requests.
FAQ:
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0562
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft SharePoint Enterprise Server
2016
4461598 Security
Update
Important Elevation of
Privilege 4461541
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0562
N/A
Vector: N/A
Microsoft SharePoint Enterprise Server
2013 Service Pack 1
4461591 Security
Update
Important Elevation of
Privilege 4461549
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019
4461634 Security
Update
Important Elevation of
Privilege 4461548
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-0564 - ASP.NET Core Denial of Service Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0564
MITRE
NVD
CVE Title: ASP.NET Core Denial of Service Vulnerability
Description:
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against
an ASP.NET Core web application. The vulnerability can be exploited remotely, without
authentication.
Important Denial of
Service
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted
requests to the .NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application
handles web requests.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0564
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ASP.NET Core 2.1 Release Notes Security Update
Important Denial of Service
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0565 - Microsoft Edge Memory Corruption Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0565
MITRE
NVD
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects
in memory. The vulnerability could corrupt memory in such a way that enables an attacker to
execute arbitrary code in the context of the current user. An attacker who successfully exploited
the vulnerability could gain the same user rights as the current user. If the current user is logged
on with administrative user rights, an attacker could take control of an affected system. An
attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability
through Microsoft Edge, and then convince a user to view the website. The attacker could also
take advantage of compromised websites and websites that accept or host user-provided content
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
or advertisements by adding specially crafted content that could exploit the vulnerability. In all
cases, however, an attacker would have no way to force users to view the attacker-controlled
content. Instead, an attacker would have to convince users to take action, typically by way of
enticement in an email or Instant Messenger message, or by getting them to open an attachment
sent through email.
The security update addresses the vulnerability by modifying how Microsoft Edge handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0565
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge on
Windows
10 Version
1803 for
32-bit
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1803 for
x64-based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0565
Microsoft
Edge on
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1809 for
32-bit
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1809 for
x64-based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0565
Microsoft
Edge on
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2019
4480116
Security
Update
Moderate
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
CVE-2019-0566 - Microsoft Edge Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0566
CVE Title: Microsoft Edge Elevation of Privilege Vulnerability
Description: Important
Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object.
An attacker who successfully exploited the vulnerability could use the Browser Broker COM
object to elevate privileges on an affected system.
This vulnerability by itself does not allow arbitrary code execution; however, it could allow
arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as
a remote code execution vulnerability or another elevation of privilege vulnerability) that is
capable of leveraging the elevated privileges when code execution is attempted.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0566
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge on
Windows
10 for 32-
bit Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 for x64-
based
Systems
4480962
Security
Update
Important
Elevation
of
Privilege
4483228
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2016
4480961
Security
Update
Low
Elevation
of
Privilege
4471321
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0566
Microsoft
Edge on
Windows
10 Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Elevation
of
Privilege
4471321
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
4480973
Security
Update
Important
Elevation
of
Privilege
4483229
Base: 4.3
Temporal: 3.9
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0566
1703 for
x64-based
Systems
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Microsoft
Edge on
Windows
10 Version
1709 for 32-
bit Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Elevation
of
Privilege
4483232
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0566
Microsoft
Edge on
Windows
10 Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Elevation
of
Privilege
4483234
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0566
Microsoft
Edge on
Windows
10 Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
10 Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Elevation
of
Privilege
4483235
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2019
4480116
Security
Update
Low
Elevation
of
Privilege
4483235
Base: 4.3
Temporal: 3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
4480978
Security Important
Elevation
of
Privilege
4483232
Base: 4.3
Temporal: 3.9
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0566
10 Version
1709 for
ARM64-
based
Systems
Update
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/R
C:C
CVE-2019-0567 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0567
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user to view
the website. The attacker could also take advantage of compromised websites and websites that
accept or host user-provided content or advertisements. These websites could contain specially
crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
© NSFOCUS 2018 https://www.nsfocusglobal.com
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0567
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge on
Windows 10
for 32-bit
Systems
4480962
Security
Update
Critical
Remote
Code
Execution
4483228
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
for x64-
based
Systems
4480962
Security
Update
Critical
Remote
Code
Execution
4483228
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2016
4480961
Security
Update
Moderate
Remote
Code
Execution
4471321
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0567
Microsoft
Edge on
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Critical
Remote
Code
Execution
4471321
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
4480973
Security
Update
Critical
Remote
Code
Execution
4483229
Base: 4.2
Temporal: 3.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0567
1703 for
x64-based
Systems
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Microsoft
Edge on
Windows 10
Version
1709 for 32-
bit Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0567
Microsoft
Edge on
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0567
Microsoft
Edge on
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2019
4480116
Security
Update
Moderate
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
4480978
Security Critical
Remote
Code
Execution
4483232
Base: 4.2
Temporal: 3.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0567
Version
1709 for
ARM64-
based
Systems
Update
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4483232
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
CVE-2019-0568 - Chakra Scripting Engine Memory Corruption
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0568
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles
objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way
Critical Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
MITRE
NVD
that an attacker could execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as the current user. If the
current user is logged on with administrative user rights, an attacker who successfully exploited
the vulnerability could take control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
designed to exploit the vulnerability through Microsoft Edge and then convince a user to view
the website. The attacker could also take advantage of compromised websites and websites that
accept or host user-provided content or advertisements. These websites could contain specially
crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine
handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0568
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Microsoft
Edge on
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0568
1803 for
x64-based
Systems
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Microsoft
Edge on
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Critical
Remote
Code
Execution
4483234
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows 10
Version
1809 for
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0568
x64-based
Systems
Microsoft
Edge on
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
Microsoft
Edge on
Windows
Server 2019
4480116
Security
Update
Moderate
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Yes
ChakraCore
Release
Notes
Security
Update
Critical
Remote
Code
Execution
4483235
Base: 4.2
Temporal: 3.8
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/R
C:C
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569 - Windows Kernel Information Disclosure Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0569
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could obtain
information to further compromise the user's system.
An authenticated attacker could exploit this vulnerability by running a specially crafted
application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects
in memory.
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is Kernel memory read - unintentional read access to memory contents in kernel
space from a user mode process.
Important Information Discl
osure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0569
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7 for 32-bit
Systems Service Pack
1
4480960
Security
Only
4480970
Important Information
Disclosure 4471318
Base: 5.5
Temporal: 5.5
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Windows 7 for x64-
based Systems
Service Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 R2 for x64-
based Systems
Service Pack 1
(Server Core
installation)
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 R2 for Itanium-
Based Systems
Service Pack 1
4480960
Security
Only
4480970
Monthly
Important Information
Disclosure 4471318
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Rollup
Windows Server
2008 R2 for x64-
based Systems
Service Pack 1
4480960
Security
Only
4480970
Monthly
Rollup
Important Information
Disclosure 4471318
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 for 32-bit
Systems Service Pack
2 (Server Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2012
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Windows Server
2012 (Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important Information
Disclosure 4471330
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 8.1 for 32-
bit systems
4480964
Security
Only
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 8.1 for x64-
based systems
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2012 R2
4480963
Monthly Important
Information
Disclosure 4471320
Base: 5.5
Temporal: 5.5 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Rollup
4480964
Security
Only
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Windows RT 8.1
4480963
Monthly
Rollup
Important Information
Disclosure 4471320
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2012 R2 (Server Core
installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important Information
Disclosure 4471320
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Windows 10 for x64-
based Systems
4480962
Security
Update
Important Information
Disclosure 4483228
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2016
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Information
Disclosure 4483229
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Information
Disclosure 4471321
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security Important
Information
Disclosure 4471321
Base: 5.5
Temporal: 5.5
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Information
Disclosure 4483229
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Information
Disclosure 4483234
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security Important
Information
Disclosure 4483234
Base: 5.5
Temporal: 5.5
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2019
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Windows Server
2019 (Server Core
installation)
4480116
Security
Update
Important Information
Disclosure 4483235
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Information
Disclosure 4483232
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 for Itanium-
Based Systems
Service Pack 2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 for 32-bit
Systems Service Pack
2
4480957
Security
Only
4480968
Monthly
Important Information
Disclosure 4471325
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0569
Rollup
Windows Server
2008 for x64-based
Systems Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
Windows Server
2008 for x64-based
Systems Service Pack
2 (Server Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important Information
Disclosure 4471325
Base: 5.5
Temporal: 5.5
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:
N
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570 - Windows Runtime Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0570
MITRE
NVD
CVE Title: Windows Runtime Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles
objects in memory. An attacker who successfully exploited this vulnerability could run
arbitrary code in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way the Windows Runtime handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0570
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Windows Server
2012
4480972
Security
Only
4480975
Monthly
Rollup
Important Elevation of
Privilege 4471330
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2012 (Server Core
installation)
4480972
Security
Only
Important Elevation of
Privilege 4471330
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
4480975
Monthly
Rollup
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 8.1 for 32-
bit systems
4480964
Security
Only
4480963
Monthly
Rollup
Important Elevation of
Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 8.1 for
x64-based systems
4480963
Monthly
Rollup
4480964
Security
Only
Important Elevation of
Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2012 R2
4480963
Monthly
Rollup
4480964
Security
Important Elevation of
Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
Only
Windows RT 8.1
4480963
Monthly
Rollup
Important Elevation of
Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2012 R2 (Server
Core installation)
4480963
Monthly
Rollup
4480964
Security
Only
Important Elevation of
Privilege 4471320
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server
2016
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security Important
Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019 (Server Core
installation)
4480116
Security Important
Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0570
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
CVE-2019-0571 - Windows Data Sharing Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0571
MITRE
NVD
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this vulnerability
could run processes in an elevated context.
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way the Windows Data Sharing
Service handles file operations.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0571
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0571
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security Important
Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0571
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0571
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security Important
Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0571
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server
2019
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019 (Server Core
installation)
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572 - Windows Data Sharing Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0572
MITRE
NVD
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this vulnerability
could run processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way the Windows Data Sharing
Service handles file operations.
FAQ:
None
Mitigations:
None
Workarounds:
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0572
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security Important
Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server
2016
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security Important
Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019 (Server Core
installation)
4480116
Security Important
Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0572
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
CVE-2019-0573 - Windows Data Sharing Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0573
MITRE
NVD
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this vulnerability
could run processes in an elevated context.
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way the Windows Data Sharing
Service handles file operations.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0573
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0573
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security Important
Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0573
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0573
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security Important
Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0573
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server
2019
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019 (Server Core
installation)
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574 - Windows Data Sharing Service Elevation of Privilege
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0574
MITRE
NVD
CVE Title: Windows Data Sharing Service Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this vulnerability
could run processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on the
victim system.
The update addresses the vulnerability by correcting the way the Windows Data Sharing
Service handles file operations.
FAQ:
None
Mitigations:
None
Workarounds:
Important Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0574
Product KB Article Severity Impact Supersedence CVSS Score Set Restart
Required
Windows 10 for 32-
bit Systems
4480962
Security
Update
Important Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 for x64-
based Systems
4480962
Security Important
Elevation of
Privilege 4483228
Base: 7.8
Temporal: 7.8 Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574
Update
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows Server
2016
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for 32-bit
Systems
4480961
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1607 for x64-based
Systems
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2016 (Server Core
installation)
4480961
Security
Update
Important Elevation of
Privilege 4471321
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574
Windows 10 Version
1703 for 32-bit
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1703 for x64-based
Systems
4480973
Security
Update
Important Elevation of
Privilege 4483229
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for 32-bit
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1709 for x64-based
Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1709 (Server
Core Installation)
4480978
Security Important
Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1803 for 32-bit
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for x64-based
Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server,
version 1803 (Server
Core Installation)
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1803 for ARM64-
based Systems
4480966
Security
Update
Important Elevation of
Privilege 4483234
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574
Windows 10 Version
1809 for 32-bit
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for x64-based
Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows 10 Version
1809 for ARM64-
based Systems
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019
4480116
Security
Update
Important Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
Windows Server
2019 (Server Core
installation)
4480116
Security Important
Elevation of
Privilege 4483235
Base: 7.8
Temporal: 7.8
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0574
Update
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Windows 10 Version
1709 for ARM64-
based Systems
4480978
Security
Update
Important Elevation of
Privilege 4483232
Base: 7.8
Temporal: 7.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:
H
Yes
CVE-2019-0575 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0575
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0575
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0576 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0576
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0576
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0577 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0577
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0577
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0578 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0578
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0578
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0579 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0579
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0579
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0580 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0580
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0580
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0581 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0581
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0581
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0582 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0582
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0582
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0583 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0583
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0583
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0584 - Jet Database Engine Remote Code Execution
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0584
MITRE
NVD
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim system.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted
file.
The update addresses the vulnerability by correcting the way the Windows Jet Database
Engine handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Product KB
Article Severity Impact Supersedence CVSS Score Set
Restart
Required
Windows 7
for 32-bit
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 7
for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1 (Server
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Core
installation)
Windows
Server 2008
R2 for
Itanium-
Based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
R2 for x64-
based
Systems
Service Pack
1
4480960
Security
Only
4480970
Monthly
Rollup
Important
Remote
Code
Execution
4471318
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2 (Server
4480957
Security
Only
4480968
Monthly
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Core
installation)
Rollup
Windows
Server 2012
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
(Server Core
installation)
4480972
Security
Only
4480975
Monthly
Rollup
Important
Remote
Code
Execution
4471330
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
8.1 for 32-bit
systems
4480964
Security
Only
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows
8.1 for x64-
based
systems
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2
4480963
Monthly
Rollup
4480964
Security
Only
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
RT 8.1
4480963
Monthly
Rollup
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2012
R2 (Server
4480963
Monthly
Rollup
4480964
Important
Remote
Code
Execution
4471320
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Core
installation)
Security
Only
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
for 32-bit
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
for x64-
based
Systems
4480962
Security
Update
Important
Remote
Code
Execution
4483228
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1607 for 32-
bit Systems
4480961
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows 10
Version
1607 for
x64-based
Systems
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2016
(Server Core
installation)
4480961
Security
Update
Important
Remote
Code
Execution
4471321
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for 32-
bit Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1703 for
x64-based
Systems
4480973
Security
Update
Important
Remote
Code
Execution
4483229
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
4480978
Security Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
1709 for 32-
bit Systems
Update
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Windows 10
Version
1709 for
x64-based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server,
version 1709
(Server Core
Installation)
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for 32-
bit Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
x64-based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows
Server,
version 1803
(Server Core
Installation)
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1803 for
ARM64-
based
Systems
4480966
Security
Update
Important
Remote
Code
Execution
4483234
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for 32-
bit Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1809 for
x64-based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows 10
Version
1809 for
ARM64-
based
Systems
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2019
(Server Core
installation)
4480116
Security
Update
Important
Remote
Code
Execution
4483235
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows 10
Version
1709 for
ARM64-
based
Systems
4480978
Security
Update
Important
Remote
Code
Execution
4483232
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows
Server 2008
for Itanium-
Based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for 32-bit
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
Windows
Server 2008
for x64-
based
Systems
Service Pack
2
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0584
Windows
Server 2008
for x64-
based
Systems
Service Pack
2 (Server
Core
installation)
4480957
Security
Only
4480968
Monthly
Rollup
Important
Remote
Code
Execution
4471325
Base: 7.8
Temporal: 7
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/R
C:C
Yes
CVE-2019-0585 - Microsoft Word Remote Code Execution Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0585
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft Word software when it fails to
properly handle objects in memory. An attacker who successfully exploited the vulnerability
could use a specially crafted file to perform actions in the security context of the current user.
For example, the file could then take actions on behalf of the logged-on user with the same
permissions as the current user.
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
To exploit the vulnerability, a user must open a specially crafted file with an affected version of
Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability
by sending the specially crafted file to the user and convincing the user to open the file. In
a web-based attack scenario, an attacker could host a website (or leverage a
compromised website that accepts or hosts user-provided content) that contains a specially
crafted file that is designed to exploit the vulnerability. However, an attacker would have
no way to force the user to visit the website. Instead, an attacker would have to convince the
user to click a link, typically by way of an enticement in an email or Instant Messenger message,
and then convince the user to open the specially crafted file.
The security update addresses the vulnerability by correcting how Microsoft Word handles files
in memory.
FAQ:
I have Microsoft Word 2010 installed. Why am I not being offered the 4461617 update?
The 4461617 update only applies to systems running specific configurations of Microsoft Office
2010. Some configurations will not be offered the update.
Mitigations:
None
Workarounds:
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0585
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Word 2010 Service Pack 2 (32-bit
editions)
4461625 Security
Update
Important Remote Code
Execution 4461526
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit
editions)
4461625 Security
Update
Important Remote Code
Execution 4461526
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0585
N/A
Vector: N/A
Microsoft Office 2010 Service Pack 2 (32-bit
editions)
4461617 Security
Update
Important Remote Code
Execution 4461524
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit
editions)
4461617 Security
Update
Important Remote Code
Execution 4461524
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit
editions)
4461594 Security
Update
Important Remote Code
Execution 4461485
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit
editions)
4461594 Security
Update
Important Remote Code
Execution 4461485
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1
4461594 Security
Update
Important Remote Code
Execution 4461485
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0585
Microsoft Office Web Apps Server 2010
Service Pack 2
4461620 Security
Update
Important Remote Code
Execution 2965312
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac
Release Notes
Security Update
Important Remote Code
Execution 2965312
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Word 2016 (32-bit edition)
4461543 Security
Update
Important Remote Code
Execution 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition)
4461543 Security
Update
Important Remote Code
Execution 4461504
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016
4461598 Security
Update
Important Remote Code
Execution 4461541
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2013
Service Pack 1
4461589 Security
Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal: Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0585
N/A
Vector: N/A
Microsoft Office 2019 for 32-bit editions
Click to Run
Security Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions
Click to Run
Security Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal:
N/A
Vector: N/A
No
Microsoft Office 2019 for Mac
Release Notes
Security Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems
Click to Run
Security Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal:
N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems
Click to Run
Security Update
Important Remote Code
Execution 4022234
Base: N/A
Temporal:
N/A
Vector: N/A
No
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0585
Microsoft SharePoint Server 2019
4461634 Security
Update
Important Remote Code
Execution 4461548
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer
4461635 Security
Update
Important Remote Code
Execution 4092434
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Office Online Server
4461633 Security
Update
Important Remote Code
Execution 4011027
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Word Automation Services on Microsoft
SharePoint Server 2010 Service Pack 2
4461612 Security
Update
Important Remote Code
Execution 4461520
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0586 - Microsoft Exchange Memory Corruption Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0586
MITRE
NVD
CVE Title: Microsoft Exchange Memory Corruption Vulnerability
Description:
A remote code execution vulnerability exists in Microsoft Exchange software when the software
fails to properly handle objects in memory. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of the System user. An attacker could then
install programs; view, change, or delete data; or create new accounts.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable
Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles
objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Important Remote Code
Execution
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0586
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2016
Cumulative Update 10
4471389 Security
Update
Important Remote Code
Execution 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019
4471389 Security
Update
Important Remote Code
Execution 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0586
Microsoft Exchange Server 2016
Cumulative Update 11
4471389 Security
Update
Important Remote Code
Execution 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
CVE-2019-0588 - Microsoft Exchange Information Disclosure
Vulnerability
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
CVE-
2019-
0588
MITRE
NVD
CVE Title: Microsoft Exchange Information Disclosure Vulnerability
Description:
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API
grants calendar contributors more view permissions than intended. To exploit this vulnerability,
an attacker would need to be granted contributor access to an Exchange Calendar by an
administrator via PowerShell. The attacker would then be able to view additional details about
the calendar that would normally be hidden.
The security update addresses the vulnerability by modifying how the Exchange PowerShell API
grants permissions to contributors.
Important Information Disc
losure
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum
Severity Rating
Vulnerability
Impact
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this
vulnerability is miscellaneous details from calendar entries such as the subject of a
meeting, which would otherwise not be disclosed.
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0588
Product KB Article Severity Impact Supersedence CVSS Score
Set
Restart
Required
Microsoft Exchange Server 2013
Cumulative Update 21
4471389 Security
Update
Important Information Disclo
sure 4459266
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016
Cumulative Update 10
4471389 Security
Update
Important Information Disclo
sure 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2019
4471389 Security
Update
Important Information Disclo
sure 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016
Cumulative Update 11
4471389 Security
Update
Important Information Disclo
sure 4468741
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2010 Service
Pack 3 Update Rollup 25
4468742 Security
Update
Important Information Disclo
sure 4458321
Base: N/A
Temporal:
N/A
Vector: N/A
Maybe
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0622 - Skype for Android Elevation of Privilege Vulnerability
CVE ID Vulnerability Description Maximum Severity
Rating
Vulnerability
Impact
CVE-2019-
0622
MITRE
NVD
CVE Title: Skype for Android Elevation of Privilege Vulnerability
Description:
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly
handle specific authentication requests.
An attacker who successfully exploited this vulnerability could bypass Android's
lockscreen and access a victim's personal information.
To exploit the vulnerability, an attacker would need have physical access to the phone.
The security update addresses the vulnerability by correcting how Skype for Android
handles authentication requests.
FAQ:
How do I get the update for Skype for Android?
1. Tap the Google Play icon on your home screen.
2. Swipe in from the left edge of the screen.
3. Tap My apps & games.
Moderate Elevation of
Privilege
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE ID Vulnerability Description Maximum Severity
Rating
Vulnerability
Impact
4. Tap the Update box next to the Skype app.
Does the vulnerability exist in Skype for Business or the consumer version of
Skype?
This vulnerability only affects the consumer version of Skype.
Mitigations:
None
Workarounds:
None
Revision:
1.0 01/08/2019 08:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
© NSFOCUS 2018 https://www.nsfocusglobal.com
CVE-2019-0622
Product KB
Article Severity Impact Supersedence
CVSS Score
Set
Restart
Required
Skype 8.35 when installed on
Android Devices Moderate
Elevation of
Privilege
Base: N/A
Temporal: N/A
Vector: N/A
Statement
==========
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS
and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory.
NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring
this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission
from NSFOCUS.
About NSFOCUS
============
NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the
Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex
cyber threat landscape through the construction and implementation of multi-layered defense systems. The company's Intelligent Hybrid Security
© NSFOCUS 2018 https://www.nsfocusglobal.com
strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified,
multi-layer protection from advanced cyber threats.
For more information about NSFOCUS, please visit:
https://www.nsfocusglobal.com.
NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks
are property of their respective firms.
QR code of NSFOCUS at Sina Weibo QR code of NSFOCUS at WeChat