March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Microsoft SharePoint Server 2010 / 2019 Multiple Vulnerabilities
March 18, 2019
Rewterz Threat Alert – Multiple Malware Campaigns – IoCs
March 18, 2019
Rewterz Threat Advisory – Microsoft SharePoint Server 2010 / 2019 Multiple Vulnerabilities
March 18, 2019
Rewterz Threat Alert – Multiple Malware Campaigns – IoCs
March 18, 2019
Severity
High
Analysis Summary
Following vulnerabilities have been found in Microsoft Windows Server 2016 and Windows !0.
CVE-2019-0615
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0627
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
CVE-2019-0663
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0630
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0602
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0626
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’.
CVE-2019-0600
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0597
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0616
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0595
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0618
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0601
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka ‘HID Information Disclosure Vulnerability’.
CVE-2019-0599
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0633
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’.
CVE-2019-0636
An information vulnerability exists when Windows improperly discloses file information, aka ‘Windows Information Disclosure Vulnerability’.
CVE-2019-0659
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’.
CVE-2019-0621
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.
CVE-2019-0635
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Information Disclosure Vulnerability’.
CVE-2019-0625
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0596
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0619
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
CVE-2019-0656
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’.
CVE-2019-0662
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
CVE-2019-0637
A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka ‘Windows Defender Firewall Security Feature Bypass Vulnerability’.
CVE-2019-0628
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’.
CVE-2019-0598
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’.
CVE-2019-0660
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.\\
CVE-2019-0623
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.
CVE-2019-0632
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
CVE-2019-0631
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ‘Windows Security Feature Bypass Vulnerability’.
Impact
- System access
- Privilege escalation
- Exposure of sensitive information
- Security Bypass
Affected Products
Microsoft Windows 10
Microsoft Windows Server 2016
Remediation
Apply update.
- Windows 10 Version 1709 for 32-bit Systems (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1703 for 32-bit Systems (KB4489871):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489871 - Windows 10 Version 1803 for ARM64-based Systems (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1803 for x64-based Systems (KB4489868):
- Windows Server, version 1803 (Server Core Installation) (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1803 for 32-bit Systems (KB4489868):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489868 - Windows 10 Version 1703 for x64-based Systems (KB4489871):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489871 - Windows 10 for x64-based Systems (KB4489872):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489872 - Windows 10 for 32-bit Systems (KB4489872):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489872 - Windows Server 2016 (KB4489882):
- Windows 10 Version 1607 for x64-based Systems (KB4489882):
- Windows Server 2016 (Server Core installation) (KB4489882):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489882 - Windows 10 Version 1607 for 32-bit Systems (KB4489882):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489882 - Windows 10 Version 1709 for ARM64-based Systems (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1709 for x64-based Systems (KB4489886):
- Windows Server, version 1709 (Server Core Installation) (KB4489886):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489886 - Windows 10 Version 1809 for ARM64-based Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 Version 1809 for x64-based Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 Version 1809 for 32-bit Systems (KB4489899):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4489899 - Windows 10 for x64-based Systems (KB4093430):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093430 - Windows 10 for 32-bit Systems (KB4093430):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093430 - Windows Server 2016 (KB4485447):
- Windows 10 Version 1607 for x64-based Systems (KB4485447):
- Windows Server 2016 (Server Core installation) (KB4485447):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485447 - Windows 10 Version 1607 for 32-bit Systems (KB4485447):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485447 - Windows 10 Version 1709 for ARM64-based Systems (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1709 for x64-based Systems (KB4485448):
- Windows Server, version 1709 (Server Core Installation) (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1709 for 32-bit Systems (KB4485448):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485448 - Windows 10 Version 1803 for ARM64-based Systems (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1803 for x64-based Systems (KB4485449):
- Windows Server, version 1803 (Server Core Installation) (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1803 for 32-bit Systems (KB4485449):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4485449 - Windows 10 Version 1703 for x64-based Systems (KB4487327):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4487327 - Windows 10 Version 1703 for 32-bit Systems (KB4487327):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4487327