CERT-In Vulnerability Note
CIVN-2019-0199
Multiple Vulnerabilities in Microsoft Windows
Original Issue Date: December 13, 2019
Severity Rating: HIGH
Software Affected
- Microsoft Windows 10 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1703 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1709 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1803 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1903 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1909 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 Version 1709 for ARM64-based Systems
- Microsoft Windows 10 Version 1803 for ARM64-based Systems
- Microsoft Windows 10 Version 1809 for ARM64-based Systems
- Microsoft Windows 10 Version 1903 for x64-based Systems
- Microsoft Windows 10 Version 1909 for ARM64-based Systems
- Microsoft Windows 8.1 for 32-bit systems and x64-based systems
- Microsoft Windows RT 8.1
- Microsoft Windows Server 1803
- Microsoft Windows Server 1903
- Microsoft Windows Server 1909
- Microsoft Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
- Microsoft Windows Server 2008 for 32-bit Systems SP2 and x64-based Systems SP2
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 R2 for Itanium-Based Systems SP1
- Microsoft Windows Server 2008 for Itanium-Based Systems SP 2
- Microsoft Hyper-V
- Microsoft Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems SP2 (Server Core installation)
- Microsoft Windows Server 2008 for 32-bit Systems SP2 and x64-based Systems SP2 (Server Core installation)
- Microsoft Windows Server 2012 and Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 and Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 and Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server version 1803 (Server Core Installation)
- Microsoft Windows Server, version 1903 (Server Core installation)
- Microsoft Windows Server 2019 and Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server version 1709 (Server Core Installation)
Overview
Multiple vulnerabilities have been reported in Microsoft Windows which could allow an attacker to bypass security restrictions, access sensitive information, cause denial of service (DoS) condition and execute arbitrary code on the targeted system.
Description
1. Microsoft Windows Win32k Privilege Escalation Vulnerability
(CVE-2019-1458)
This vulnerability exists in Microsoft Windows due to improper handling of objects in memory. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
2. Microsoft Windows Win32k Information Disclosure Vulnerability
(CVE-2019-1469)
This vulnerability exists when the win32k component improperly provides kernel information. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
3. Microsoft Windows Hyper-V Information Disclosure Vulnerability
(CVE-2019-1470)
This vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
4. Microsoft Windows Hyper-V Remote Code Execution Vulnerability
(CVE-2019-1471)
This vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. A remote attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute remote code on the targeted system.
5. Microsoft Windows Kernel Information Disclosure Vulnerability
(CVE-2019-1474)
This vulnerability exists in Microsoft Windows due to the improper handling of objects in memory. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
6. Microsoft Windows Printer Service Privilege Escalation Vulnerability
(CVE-2019-1477)
This vulnerability exists in Microsoft Windows due to a boundary error when the Windows Printer Service improperly validates file paths while loading printer drivers. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
7. Microsoft Windows COM Server Privilege Escalation Vulnerability
(CVE-2019-1478)
This vulnerability exists in Microsoft Windows due to the improper handling of COM object creation. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
8. Microsoft Windows GDI Information Disclosure Vulnerability
(CVE-2019-1466, CVE-2019-1465, CVE-2019-1467)
These vulnerabilities exist when the Windows GDI component improperly discloses the contents of its memory. A remote attacker could exploit these vulnerabilities by convincing a user to open a specially crafted document on the affected system. Successful exploitation of these vulnerabilities could allow the attacker to access sensitive information on the targeted system.
9. Microsoft Windows Kernel Information Disclosure Vulnerability
(CVE-2019-1472)
This vulnerability exists when the Windows kernel improperly handles objects in memory. A local attacker could exploit this vulnerability by running a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
10. Microsoft Win32k Graphics Remote Code Execution Vulnerability
(CVE-2019-1468)
This vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. A remote attacker could exploit this vulnerability by hosting a specially crafted website on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute remote code on the targeted system.
11. Microsoft Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
(CVE-2019-1453)
This vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. A remote attacker could exploit this vulnerability by sending a specially crafted application on the affected system. Successful exploitation of this vulnerability could allow the attacker to cause denial of service on the targeted system.
12. Privilege escalation vulnerability in Microsoft Windows AppX Deployment Server
(CVE-2019-1476, CVE-2019-1483)
These vulnerabilities exist in Microsoft Windows due to an error in the handling of junctions within the Windows AppX Deployment Server. A local attacker could exploit these vulnerabilities by running a specially crafted application on the affected system. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code on the targeted system.
13. Microsoft Defender Security Feature Bypass Vulnerability
(CVE-2019-1488)
This vulnerability exists in Microsoft Windows because Microsoft Defender improperly handles specific buffers. A remote attacker could exploit this vulnerability by bypassing certain security restrictions and performing unauthorized actions on the affected system. Successful exploitation of this vulnerability could allow the attacker to bypass security features on the targeted system.
14. Microsoft Windows Media Player Information Disclosure Vulnerability
(CVE-2019-1481, CVE-2019-1480)
These vulnerabilities exist in Microsoft Windows due to improper handling of objects in memory. A remote attacker could exploit these vulnerabilities by creating a specially crafted media file, tricking the victim into opening it, triggering an out-of-bounds read error and reading the contents of memory on the system. Successful exploitation of these vulnerabilities could allow the attacker to access sensitive information on the targeted system.
15. Microsoft Windows OLE Remote Code Execution Vulnerability
(CVE-2019-1484)
This vulnerability exists in Microsoft Windows due to insufficient validation of user-supplied input in the Microsoft Windows OLE implementation. A remote attacker could exploit this vulnerability by opening a specially crafted file on the affected system. Successful exploitation of this vulnerability could allow the attacker to execute remote code on the targeted system.
Solution
Apply appropriate software fixes as available on the vendor website.
https://portal.msrc.microsoft.com/en-US/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance
References
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1469
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1470
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1471
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1474
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1477
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1478
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1465
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1472
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1467
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1468
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1453
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1483
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1476
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1488
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1466
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1480
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1481
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1484
Symantec
https://www.symantec.com/security-center/vulnerabilities/writeup/111060
https://www.symantec.com/security-center/vulnerabilities/writeup/111064
https://www.symantec.com/security-center/vulnerabilities/writeup/111051
https://www.symantec.com/security-center/vulnerabilities/writeup/111052
https://www.symantec.com/security-center/vulnerabilities/writeup/111067
https://www.symantec.com/security-center/vulnerabilities/writeup/111090
https://www.symantec.com/security-center/vulnerabilities/writeup/111091
https://www.symantec.com/security-center/vulnerabilities/writeup/111047
https://www.symantec.com/security-center/vulnerabilities/writeup/111066
https://www.symantec.com/security-center/vulnerabilities/writeup/111049
https://www.symantec.com/security-center/vulnerabilities/writeup/111062
https://www.symantec.com/security-center/vulnerabilities/writeup/111057
https://www.symantec.com/security-center/vulnerabilities/writeup/111054
https://www.symantec.com/security-center/vulnerabilities/writeup/111076
https://www.symantec.com/security-center/vulnerabilities/writeup/111129
https://www.symantec.com/security-center/vulnerabilities/writeup/111048
https://www.symantec.com/security-center/vulnerabilities/writeup/111061
https://www.symantec.com/security-center/vulnerabilities/writeup/111063
https://www.symantec.com/security-center/vulnerabilities/writeup/111056
CVE Name
CVE-2019-1458
CVE-2019-1469
CVE-2019-1470
CVE-2019-1471
CVE-2019-1474
CVE-2019-1477
CVE-2019-1478
CVE-2019-1465
CVE-2019-1472
CVE-2019-1467
CVE-2019-1468
CVE-2019-1453
CVE-2019-1483
CVE-2019-1476
CVE-2019-1488
CVE-2019-1466
CVE-2019-1480
CVE-2019-1481
CVE-2019-1484
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India