Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2019-0797 FruityArmor, SandCat Exploiting Microsoft Win32k Flaw
March 14, 2019Rewterz Threat Advisory – Microsoft Windows Server 2008 / Windows 7 Multiple Vulnerabilities
March 18, 2019
Severity
High
Analysis Summary
CVE-2019-0615
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0630
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0602
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0597
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0662
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0661
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0635
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Information Disclosure Vulnerability’.
CVE-2019-0636
An information vulnerability exists when Windows improperly discloses file information, aka ‘Windows Information Disclosure Vulnerability’.
CVE-2019-0618
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0619
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0656
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’.
CVE-2019-0595
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0600
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0633
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0601
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0663
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0664
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0628
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’.
CVE-2019-0599
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0596
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0621
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0660
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0598
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0616
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0625
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0623
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.
CVE-2019-0626
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’.
Impact
- System access
- Privilege escalation
- Exposure of sensitive information
Affected Products
Microsoft Windows Server 2012
Windows RT 8.1
Microsoft Windows 8
Remediation
Vendor has released updates for the following products.
Windows 8.1 for 32-bit systems (KB4489881):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489881
Windows Server 2012 (KB4489891):
Windows Server 2012 (Server Core installation) (KB4489891):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489891
Windows RT 8.1 (KB4489881):
Apply update (please see the vendor’s service database for details).
Windows 8.1 for x64-based systems (KB4489881):
Windows Server 2012 R2 (KB4489881):
Windows Server 2012 R2 (Server Core installation) (KB4489881):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489881
Windows Server 2012 (KB4489884):
Windows Server 2012 (Server Core installation) (KB4489884):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489884
Windows 8.1 for x64-based systems (KB4489883):
Windows Server 2012 R2 (KB4489883):
Windows Server 2012 R2 (Server Core installation) (KB4489883):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489883
Windows 8.1 for 32-bit systems (KB4489883):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489883