Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Microsoft SharePoint Server 2010 / 2019 Multiple Vulnerabilities
March 18, 2019Rewterz Threat Alert – Multiple Malware Campaigns – IoCs
March 18, 2019
Severity
High
Analysis Summary
Following vulnerabilities have been found in Microsoft Windows Server 2016 and Windows !0.
CVE-2019-0615
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0627
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
CVE-2019-0663
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0630
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0602
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0626
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’.
CVE-2019-0600
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0597
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0616
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0595
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0618
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0601
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0599
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0633
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0636
An information vulnerability exists when Windows improperly discloses file information, aka ‘Windows Information Disclosure Vulnerability’.
CVE-2019-0659
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’.
CVE-2019-0621
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0635
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Information Disclosure Vulnerability’.
CVE-2019-0625
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0596
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0619
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0656
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’.
CVE-2019-0662
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0637
A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka ‘Windows Defender Firewall Security Feature Bypass Vulnerability’.
CVE-2019-0628
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’.
CVE-2019-0598
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0660
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.\\
CVE-2019-0623
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.
CVE-2019-0632
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
CVE-2019-0631
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
Impact
- System access
- Privilege escalation
- Exposure of sensitive information
- Security Bypass
Affected Products
Microsoft Windows 10
Microsoft Windows Server 2016
Remediation
Apply update.
- Windows 10 Version 1709 for 32-bit Systems (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1703 for 32-bit Systems (KB4489871):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489871 - Windows 10 Version 1803 for ARM64-based Systems (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1803 for x64-based Systems (KB4489868):
- Windows Server, version 1803 (Server Core Installation) (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1803 for 32-bit Systems (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1703 for x64-based Systems (KB4489871):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489871 - Windows 10 for x64-based Systems (KB4489872):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489872 - Windows 10 for 32-bit Systems (KB4489872):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489872 - Windows Server 2016 (KB4489882):
- Windows 10 Version 1607 for x64-based Systems (KB4489882):
- Windows Server 2016 (Server Core installation) (KB4489882):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489882 - Windows 10 Version 1607 for 32-bit Systems (KB4489882):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489882 - Windows 10 Version 1709 for ARM64-based Systems (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1709 for x64-based Systems (KB4489886):
- Windows Server, version 1709 (Server Core Installation) (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1809 for ARM64-based Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 Version 1809 for x64-based Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 Version 1809 for 32-bit Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 for x64-based Systems (KB4093430):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093430 - Windows 10 for 32-bit Systems (KB4093430):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093430 - Windows Server 2016 (KB4485447):
- Windows 10 Version 1607 for x64-based Systems (KB4485447):
- Windows Server 2016 (Server Core installation) (KB4485447):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485447 - Windows 10 Version 1607 for 32-bit Systems (KB4485447):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485447 - Windows 10 Version 1709 for ARM64-based Systems (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1709 for x64-based Systems (KB4485448):
- Windows Server, version 1709 (Server Core Installation) (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1709 for 32-bit Systems (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1803 for ARM64-based Systems (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1803 for x64-based Systems (KB4485449):
- Windows Server, version 1803 (Server Core Installation) (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1803 for 32-bit Systems (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1703 for x64-based Systems (KB4487327):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4487327 - Windows 10 Version 1703 for 32-bit Systems (KB4487327):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4487327