https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0968

The remote Windows host is missing security update 4503269 or cumulative update 4503292. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,     CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,     CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,     CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,     CVE-2019-1049)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0722)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2019-0943)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2019-1038)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0713)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - An elevation of privilege exists in Windows Audio     Service. An attacker who successfully exploited the     vulnerability could run arbitrary code with elevated     privileges.  (CVE-2019-1028)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0988)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

  - An elevation of privilege vulnerability exists in the     way that the Windows Network File System (NFS) handles     objects in memory. An attacker who successfully     exploited the vulnerability could execute code with     elevated permissions.  (CVE-2019-1045)

  - A remote code execution vulnerability exists when the     Microsoft Speech API (SAPI) improperly handles text-to-     speech (TTS) input. The vulnerability could corrupt     memory in a way that enables an attacker to execute     arbitrary code in the context of the current user.
    (CVE-2019-0985)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-0960, CVE-2019-1014,     CVE-2019-1017)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

The remote Windows host is missing security update 4503287 or cumulative update 4503273. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2019-1081)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,     CVE-2019-1080)

  - A tampering vulnerability exists in Microsoft Windows     when a man-in-the-middle attacker is able to     successfully bypass the NTLM MIC (Message Integrity     Check) protection. An attacker who successfully     exploited this vulnerability could gain the ability to     downgrade NTLM security features.  (CVE-2019-1040)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2019-0960, CVE-2019-1014,     CVE-2019-1017)

  - A denial of service vulnerability exists when Microsoft     Hyper-V on a host server fails to properly validate     input from a privileged user on a guest operating     system.  (CVE-2019-0713)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2019-0722)

  - An information disclosure vulnerability exists in the     Windows Event Viewer (eventvwr.msc) when it improperly     parses XML input containing a reference to an external     entity. An attacker who successfully exploited this     vulnerability could read arbitrary files via an XML     external entity (XXE) declaration.  (CVE-2019-0948)

  - A denial of service exists in Microsoft IIS Server when     the optional request filtering feature improperly     handles requests. An attacker who successfully exploited     this vulnerability could perform a temporary denial of     service against pages configured to use request     filtering.  (CVE-2019-0941)

  - A security feature bypass vulnerability exists where a     NETLOGON message is able to obtain the session key and     sign messages.  (CVE-2019-1019)

  - A remote code execution vulnerability exists when the     Windows Jet Database Engine improperly handles objects     in memory. An attacker who successfully exploited this     vulnerability could execute arbitrary code on a victim     system. An attacker could exploit this vulnerability by     enticing a victim to open a specially crafted file. The     update addresses the vulnerability by correcting the way     the Windows Jet Database Engine handles objects in     memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,     CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,     CVE-2019-0974)

  - An elevation of privilege vulnerability exists when the     Windows Shell fails to validate folder shortcuts. An     attacker who successfully exploited the vulnerability     could elevate privileges by escaping a sandbox.
    (CVE-2019-1053)

  - An information disclosure vulnerability exists when the     Windows GDI component improperly discloses the contents     of its memory. An attacker who successfully exploited     the vulnerability could obtain information to further     compromise the users system. There are multiple ways an     attacker could exploit the vulnerability, such as by     convincing a user to open a specially crafted document,     or by convincing a user to visit an untrusted webpage.
    The security update addresses the vulnerability by     correcting how the Windows GDI component handles objects     in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,     CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,     CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,     CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,     CVE-2019-1049)

  - A denial of service vulnerability exists when Windows     improperly handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding.  (CVE-2019-1025)

  - A remote code execution vulnerability exists in the way     that ActiveX Data Objects (ADO) handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code with the     victim users privileges. An attacker could craft a     website that exploits the vulnerability and then     convince a victim user to visit the website. The     security update addresses the vulnerability by modifying     how ActiveX Data Objects handle objects in memory.
    (CVE-2019-0888)

  - A remote code execution vulnerability exists in the way     that comctl32.dll handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2019-1043)

  - An elevation of privilege vulnerability exists when the     Windows User Profile Service (ProfSvc) improperly     handles symlinks. An attacker who successfully exploited     this vulnerability could delete files and folders in an     elevated context.  (CVE-2019-0986)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2019-0984)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2019-1039)

  - An elevation of privilege vulnerability exists in the     Windows Installer when the Windows Installer fails to     properly sanitize input leading to an insecure library     loading behavior. A locally authenticated attacker could     run arbitrary code with elevated system privileges. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights. The security update addresses the vulnerability     by correcting the input sanitization error to preclude     unintended elevation. (CVE-2019-0973)

  - This security update corrects a denial of service in the     Local Security Authority Subsystem Service (LSASS)     caused when an authenticated attacker sends a specially     crafted authentication request. A remote attacker who     successfully exploited this vulnerability could cause a     denial of service on the target system's LSASS service,     which triggers an automatic reboot of the system. The     security update addresses the vulnerability by changing     the way that LSASS handles specially crafted     authentication requests. (CVE-2019-0972)

ID	Name	Product	Family	Severity
125824	KB4503269: Windows 7 and Windows Server 2008 R2 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high
125817	KB4503287: Windows Server 2008 June 2019 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2019-0968

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins