Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4519338
Vulnerability Insight: Multiple flaws exist due to:
- Microsoft Browsers does not properly parse HTTP content.
- Microsoft XML Core Services MSXML parser improperly processes user input.
- Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
- Windows kernel improperly handles objects in memory.
- Windows Error Reporting (WER) improperly handles and executes files.
- Microsoft Windows Update Client does not properly handle privileges.
- Windows Error Reporting manager improperly handles hard links.
- Microsoft browsers improperly handle requests of different origins.
Please see the references for more information about the vulnerabilities.
Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code in kernel mode, obtain information to further compromise a user's system, elevate permissions and create a denial of service condition causing the target system to become unresponsive.
Affected Software/OS: - Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows Server 2019
- Microsoft Windows 10 Version 1809 for 32-bit Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|