Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11418
HistoryFeb 12, 2019 - 12:00 a.m.

KLA11418 Multiple vulnerabilities in Microsoft Windows

2019-02-1200:00:00
Kaspersky Lab
threats.kaspersky.com
63

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.891

Percentile

98.8%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows can be exploited remotely via specially crafted application to obtain sensitive information;
  2. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges;
  3. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
  4. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  5. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  7. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  8. An elevation of privilege vulnerability in Windows Storage Service can be exploited remotely via specially crafted application to gain privileges;
  9. An information disclosure vulnerability in HID can be exploited remotely via specially crafted application to obtain sensitive information;
  10. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  11. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions;
  12. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions;
  13. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  14. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges;
  16. A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code;
  17. A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code;
  18. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code;
  19. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  20. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information;
  21. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  22. An information disclosure vulnerability in HID can be exploited remotely via specially crafted application to obtain sensitive information;
  23. A security feature bypass vulnerability in Windows Defender Firewall can be exploited remotely to bypass security restrictions;
  24. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
  25. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information;
  26. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  27. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  28. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions;
  29. A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code;
  30. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  31. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code;
  32. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.

Original advisories

CVE-2019-0636

CVE-2019-0623

CVE-2019-0661

CVE-2019-0599

CVE-2019-0595

CVE-2019-0664

CVE-2019-0615

CVE-2019-0659

CVE-2019-0600

CVE-2019-0619

CVE-2019-0627

CVE-2019-0631

CVE-2019-0660

CVE-2019-0616

CVE-2019-0656

CVE-2019-0626

CVE-2019-0633

CVE-2019-0618

CVE-2019-0625

CVE-2019-0628

CVE-2019-0602

CVE-2019-0601

CVE-2019-0637

CVE-2019-0621

CVE-2019-0635

CVE-2019-0597

CVE-2019-0596

CVE-2019-0632

CVE-2019-0630

CVE-2019-0598

CVE-2019-0662

ADV190006

CVE-2019-0663

CVE-2019-0673

CVE-2019-0671

CVE-2019-0674

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2019-0673 critical

CVE-2019-0674 critical

CVE-2019-0671 critical

CVE-2019-0636 warning

CVE-2019-0623 high

CVE-2019-0661 warning

CVE-2019-0599 critical

CVE-2019-0595 critical

CVE-2019-0664 warning

CVE-2019-0615 warning

CVE-2019-0659 warning

CVE-2019-0600 warning

CVE-2019-0619 warning

CVE-2019-0627 warning

CVE-2019-0631 warning

CVE-2019-0660 warning

CVE-2019-0616 warning

CVE-2019-0656 high

CVE-2019-0626 critical

CVE-2019-0633 critical

CVE-2019-0618 critical

CVE-2019-0625 critical

CVE-2019-0628 warning

CVE-2019-0602 warning

CVE-2019-0601 warning

CVE-2019-0637 warning

CVE-2019-0621 warning

CVE-2019-0635 high

CVE-2019-0597 critical

CVE-2019-0596 critical

CVE-2019-0632 warning

CVE-2019-0630 critical

CVE-2019-0598 critical

CVE-2019-0662 critical

CVE-2019-0663 warning

KB list

4487020

4487017

4486996

4487026

4487025

4487044

4487018

4487028

4487000

4486993

4489881

4489891

4489883

4489886

4489899

4489871

4489868

4489872

4489884

4489882

4493441

4493474

4493464

4493509

4493470

4493475

4493451

4493467

4493446

4493450

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for 64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1709 (Server Core Installation)Windows Server, version 1803 (Server Core Installation)

References

Related

mskb 21
kaspersky 1
nessus 11
openvas 12
cvelist 33
cve 31
nvd 31
prion 32
osv 3
talosblog 1
zdi 2
symantec 8
mscve 8
checkpoint_advisories 3
thn 1
veracode 1
mskb
mskb
February 12, 2019—KB4487023 (Monthly Rollup)
2019-02-12 08:00:00
February 12, 2019—KB4487028 (Security-only update)
2019-02-12 08:00:00
February 12, 2019—KB4487019 (Security-only update)
2019-02-12 08:00:00
kaspersky
kaspersky
KLA11879 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-02-12 00:00:00
nessus
nessus
KB4487017: Windows 10 Version 1803 and Windows Server Version 1803 February 2019 Security Update
2019-02-12 00:00:00
KB4486996: Windows 10 Version 1709 and Windows Server Version 1709 February 2019 Security Update
2019-02-12 00:00:00
KB4486993: Windows Server 2012 February 2019 Security Update
2019-02-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4486563)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4487000)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4487018)
2019-02-13 00:00:00
cvelist
cvelist
CVE-2019-0616
2019-03-06 00:00:00
CVE-2019-0599
2019-03-06 00:00:00
CVE-2019-0664
2019-03-06 00:00:00
cve
cve
CVE-2019-0615
2019-03-06 00:00:00
CVE-2019-0660
2019-03-06 00:00:00
CVE-2019-0619
2019-03-06 00:00:00
nvd
nvd
CVE-2019-0616
2019-03-05 23:29:00
CVE-2019-0619
2019-03-05 23:29:01
CVE-2019-0615
2019-03-05 23:29:00
prion
prion
Information disclosure
2019-03-05 23:29:00
Information disclosure
2019-03-05 23:29:00
Remote code execution
2019-03-05 23:29:00
osv
osv
CVE-2019-0627
2019-03-05 23:29:01
CVE-2019-0631
2019-03-05 23:29:01
CVE-2019-0632
2019-03-05 23:29:01
talosblog
talosblog
Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage
2019-02-12 11:55:00
zdi
zdi
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Access Database Engine ACEEXCL Use-After-Free Remote Code Execution Vulnerability
2019-02-12 00:00:00
symantec
symantec
Microsoft Windows Defender Firewall CVE-2019-0637 Local Security Bypass Vulnerability
2019-02-12 00:00:00
Microsoft Windows Kernel CVE-2019-0661 Local Information Disclosure Vulnerability
2019-02-12 00:00:00
Microsoft Windows GDI Component CVE-2019-0660 Information Disclosure Vulnerability
2019-02-12 00:00:00
mscve
mscve
Windows Kernel Information Disclosure Vulnerability
2019-02-12 08:00:00
Windows Kernel Elevation of Privilege Vulnerability
2019-02-12 08:00:00
Windows GDI Information Disclosure Vulnerability
2019-02-12 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Information Disclosure (CVE-2019-0661)
2019-02-12 00:00:00
Microsoft Graphics Device Interface Information Disclosure (CVE-2019-0602)
2019-11-26 00:00:00
Microsoft Windows Kernel Elevation of Privilege (CVE-2019-0656)
2019-02-12 00:00:00
thn
thn
Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws
2019-02-12 19:32:00
veracode
veracode
Authorization Bypass
2019-07-08 13:27:48

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.891

Percentile

98.8%

JSON
Related for KLA11418
mskb21kaspersky1nessus11openvas12cvelist33cve31nvd31prion32osv3talosblog1zdi2symantec8mscve8checkpoint_advisories3thn1veracode1