https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0906

https://www.zerodayinitiative.com/advisories/ZDI-19-624/

The remote Windows host is missing security update 4503327.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1021,     CVE-2019-1022, CVE-2019-1026, CVE-2019-1027,     CVE-2019-1028)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0722)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0959, CVE-2019-0984)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1003,     CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - A security feature bypass vulnerability exists when     Windows Secure Kernel Mode fails to properly handle     objects in memory.  (CVE-2019-1044)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983, CVE-2019-0998)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2019-1041, CVE-2019-1065)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503293.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1021,     CVE-2019-1022, CVE-2019-1026, CVE-2019-1027,     CVE-2019-1028)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0722)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0959, CVE-2019-0984)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1003,     CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983, CVE-2019-0998)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2019-1041, CVE-2019-1065)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503269 or cumulative update 4503292. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,     CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,     CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,     CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,     CVE-2019-1049)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0722)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0713)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1028)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - A remote code execution vulnerability exists when the     Microsoft Speech API (SAPI) improperly handles text-to-     speech (TTS) input. The vulnerability could corrupt     memory in a way that enables an attacker to execute     arbitrary code in the context of the current user.
    (CVE-2019-0985)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-0960, CVE-2019-1014,     CVE-2019-1017)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503291.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,     CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0709,     CVE-2019-0722)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1028)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503286.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0722)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1021,     CVE-2019-1026, CVE-2019-1027, CVE-2019-1028)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0959, CVE-2019-0984)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,     CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,     CVE-2019-1052)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983, CVE-2019-0998)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2019-1041, CVE-2019-1065)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503263 or cumulative update 4503285. It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0722)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0713)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1015,     CVE-2019-1046, CVE-2019-1050)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503284.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1021,     CVE-2019-1027, CVE-2019-1028)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0709,     CVE-2019-0722)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,     CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,     CVE-2019-1052)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983, CVE-2019-0998)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503279.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1021,     CVE-2019-1028)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0709,     CVE-2019-0722)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,     CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,     CVE-2019-1052)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503290 or cumulative update 4503276. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0722)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1028)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503287 or cumulative update 4503273. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-0960, CVE-2019-1014,     CVE-2019-1017)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0713)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0722)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,     CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,     CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,     CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,     CVE-2019-1049)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

The remote Windows host is missing security update 4503267.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2019-0989, CVE-2019-0991,     CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,     CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-1014, CVE-2019-1017)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2019-0990,     CVE-2019-1023)

  - An elevation of privilege vulnerability exists when the     Storage Service improperly handles file operations. An     attacker who successfully exploited this vulnerability     could gain elevated privileges on the victim system.
    (CVE-2019-0983)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could run arbitrary code in kernel mode. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-1018)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists in Edge     that allows for bypassing Mark of the Web Tagging     (MOTW). Failing to set the MOTW means that a large     number of Microsoft security technologies are bypassed.
    (CVE-2019-1054)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - An elevation of privilege vulnerability exists when     Windows AppX Deployment Service (AppXSVC) improperly     handles hard links. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context. An attacker could then install     programs; view, change or delete data.  (CVE-2019-1064)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0620, CVE-2019-0709,     CVE-2019-0722)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1007, CVE-2019-1028)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,     CVE-2019-1050)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists in the     way the Task Scheduler Service validates certain file     operations. An attacker who successfully exploited the     vulnerability could gain elevated privileges on a victim     system.  (CVE-2019-1069)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

ID	Name	Product	Family	Severity
125826	KB4503327: Windows 10 Version 1809 and Windows Server 2019 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125825	KB4503293: Windows 10 Version 1903 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125824	KB4503269: Windows 7 and Windows Server 2008 R2 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125823	KB4503291: Windows 10 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125822	KB4503286: Windows 10 Version 1803 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125821	KB4503263: Windows Server 2012 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125820	KB4503284: Windows 10 Version 1709 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125819	KB4503279: Windows 10 Version 1703 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125818	KB4503290: Windows 8.1 and Windows Server 2012 R2 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125817	KB4503287: Windows Server 2008 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125816	KB4503267: Windows 10 Version 1607 and Windows Server 2016 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2019-0906

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins