KLA11819 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely via specially crafted application to obtain sensitive information.
2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
4. Unspecified Windows Communication Foundation can be exploited remotely to gain privileges.
5. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
6. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Audio Service can be exploited remotely via specially crafted application to gain privileges.
8. An elevation of privilege vulnerability in Windows RPCSS can be exploited remotely via specially crafted application to gain privileges.
9. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
10. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely to gain privileges.
11. An elevation of privilege vulnerability in Windows WLAN Service can be exploited remotely via specially crafted application to gain privileges.
12. A remote code execution vulnerability in Remote Desktop Services can be exploited remotely to execute arbitrary code.
13. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
14. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
15. An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information.
16. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.

Original advisories

CVE-2019-1108

CVE-2019-1004

CVE-2019-1099

CVE-2019-1006

CVE-2019-1101

CVE-2019-1100

CVE-2019-1102

CVE-2019-1104

CVE-2019-1088

CVE-2019-1089

CVE-2019-1063

CVE-2019-1082

CVE-2019-1085

CVE-2019-0887

CVE-2019-1132

CVE-2019-1116

CVE-2019-1071

CVE-2019-1073

CVE-2019-1098

CVE-2019-1097

CVE-2019-1096

CVE-2019-1095

CVE-2019-1094

CVE-2019-1093

CVE-2019-1059

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-.NET-Framework

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Edge

CVE list

CVE-2019-1116 warning

CVE-2019-1101 warning

CVE-2019-1099 warning

CVE-2019-1093 warning

CVE-2019-1108 warning

CVE-2019-1097 warning

CVE-2019-1089 high

CVE-2019-1095 warning

CVE-2019-1096 warning

CVE-2019-1100 warning

CVE-2019-1132 high

CVE-2019-1006 warning

CVE-2019-1088 warning

CVE-2019-1071 warning

CVE-2019-1094 warning

CVE-2019-1098 warning

CVE-2019-1102 critical

CVE-2019-1085 warning

CVE-2019-0887 critical

CVE-2019-1073 warning

CVE-2019-1082 high

CVE-2019-1063 critical

CVE-2019-1104 critical

CVE-2019-1059 critical

CVE-2019-1004 critical

KB list

4507456

4507449

4507452

4507461

4507434

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 2.0 Service Pack 2Windows 10 Version 1703 for x64-based SystemsMicrosoft .NET Framework 4.5.2Windows 7 for x64-based Systems Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server, version 1803 (Server Core Installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft.IdentityModel 7.0.0Microsoft .NET Framework 3.5 AND 4.8Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Microsoft SharePoint Foundation 2013 Service Pack 1Windows 8.1 for 32-bit systemsWindows Server 2012Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft .NET Framework 3.5.1Windows RT 8.1Microsoft Remote Desktop for AndroidMicrosoft .NET Framework 4.8Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 3.0 Service Pack 2Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Internet Explorer 9Windows 10 Version 1803 for x64-based SystemsWindows Server 2016Windows Server 2012 (Server Core installation)Microsoft SharePoint Enterprise Server 2016Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.6Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2012 R2Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Remote Desktop for IoSMicrosoft .NET Framework 3.5 AND 4.7.2Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server 2019Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Internet Explorer 10Internet Explorer 11Windows Server 2008 for Itanium-Based Systems Service Pack 2Microsoft SharePoint Server 2019Microsoft .NET Framework 4.6/4.6.1/4.6.2Windows 8.1 for x64-based systemsMicrosoft Edge (EdgeHTML-based)