Test ID:	1.3.6.1.4.1.25623.1.0.814694
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Multiple Vulnerabilities (KB4489871)
Summary:	This host is missing a critical security; update according to Microsoft KB4489871
Description:	Summary: This host is missing a critical security update according to Microsoft KB4489871 Vulnerability Insight: Multiple flaws exist due to: - Microsoft Edge does not properly enforce cross-domain policies. - The scripting engine improperly handles objects in memory in Microsoft browsers. - Click2Play protection in Microsoft Edge improperly handles flash objects. - The Chakra scripting engine handles objects in memory in Microsoft Edge. - Windows Jet Database Engine improperly handles objects in memory. - Windows GDI component improperly discloses the contents of its memory. - Windows kernel improperly handles objects in memory. - The win32k component improperly provides kernel information. - Microsoft XML Core Services MSXML parser improperly processes user input. - Windows Print Spooler does not properly handle objects in memory. - Microsoft Edge improperly accesses objects in memory. - Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. - Windows kernel fails to properly handle objects in memory. - An error in way Windows SMB Server handles certain requests. - Windows AppX Deployment Server that allows file creation in arbitrary locations. - Windows kernel improperly initializes objects in memory. - Internet Explorer improperly accesses objects in memory. - Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. - An error in the ActiveX Data objects (ADO) handles objects in memory. - An integer overflow in Windows Subsystem for Linux. Vulnerability Impact: Successful exploitation will allow an attacker to elevate privileges, run arbitrary code on a target system, gain access to potentially sensitive data, causes a host machine to crash and bypass security restrictions. Affected Software/OS: Microsoft Windows 10 Version 1703 x32/x64. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-0609 Common Vulnerability Exposure (CVE) ID: CVE-2019-0782 Common Vulnerability Exposure (CVE) ID: CVE-2019-0783 Common Vulnerability Exposure (CVE) ID: CVE-2019-0784 Common Vulnerability Exposure (CVE) ID: CVE-2019-0611 Common Vulnerability Exposure (CVE) ID: CVE-2019-0612 Common Vulnerability Exposure (CVE) ID: CVE-2019-0614 Common Vulnerability Exposure (CVE) ID: CVE-2019-0617 Common Vulnerability Exposure (CVE) ID: CVE-2019-0797 Common Vulnerability Exposure (CVE) ID: CVE-2019-0821 Common Vulnerability Exposure (CVE) ID: CVE-2019-0680 Common Vulnerability Exposure (CVE) ID: CVE-2019-0682 Common Vulnerability Exposure (CVE) ID: CVE-2019-0690 Common Vulnerability Exposure (CVE) ID: CVE-2019-0695 Common Vulnerability Exposure (CVE) ID: CVE-2019-0696 Common Vulnerability Exposure (CVE) ID: CVE-2019-0702 Common Vulnerability Exposure (CVE) ID: CVE-2019-0703 Common Vulnerability Exposure (CVE) ID: CVE-2019-0704 Common Vulnerability Exposure (CVE) ID: CVE-2019-0746 Common Vulnerability Exposure (CVE) ID: CVE-2019-0754 Common Vulnerability Exposure (CVE) ID: CVE-2019-0755 http://packetstormsecurity.com/files/153407/Microsoft-Windows-CmpAddRemoveContainerToCLFSLog-Arbitrary-File-Directory-Creation.html http://packetstormsecurity.com/files/153408/Microsoft-Windows-Font-Cache-Service-Insecure-Sections.html Common Vulnerability Exposure (CVE) ID: CVE-2019-0756 Common Vulnerability Exposure (CVE) ID: CVE-2019-0759 Common Vulnerability Exposure (CVE) ID: CVE-2019-0761 Common Vulnerability Exposure (CVE) ID: CVE-2019-0763 Common Vulnerability Exposure (CVE) ID: CVE-2019-0765 Common Vulnerability Exposure (CVE) ID: CVE-2019-0766 Common Vulnerability Exposure (CVE) ID: CVE-2019-0767 Common Vulnerability Exposure (CVE) ID: CVE-2019-0769 Common Vulnerability Exposure (CVE) ID: CVE-2019-0770 Common Vulnerability Exposure (CVE) ID: CVE-2019-0771 Common Vulnerability Exposure (CVE) ID: CVE-2019-0772 Common Vulnerability Exposure (CVE) ID: CVE-2019-0773 Common Vulnerability Exposure (CVE) ID: CVE-2019-0774 Common Vulnerability Exposure (CVE) ID: CVE-2019-0775 Common Vulnerability Exposure (CVE) ID: CVE-2019-0776 Common Vulnerability Exposure (CVE) ID: CVE-2019-0779 Common Vulnerability Exposure (CVE) ID: CVE-2019-0780 Common Vulnerability Exposure (CVE) ID: CVE-2019-0665 Common Vulnerability Exposure (CVE) ID: CVE-2019-0666 Common Vulnerability Exposure (CVE) ID: CVE-2019-0667 Common Vulnerability Exposure (CVE) ID: CVE-2019-0678 Common Vulnerability Exposure (CVE) ID: CVE-2019-0601 BugTraq ID: 106883 http://www.securityfocus.com/bid/106883
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.