Windows Server version 1709
by Microsoft
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11830 | Med | 0.38 | 5.3 | 0.01 | Nov 15, 2017 | Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | ||
| CVE-2019-1069 | 0.21 | — | 0.33 | KEV | Jun 12, 2019 | An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would… | ||
| CVE-2019-1064 | 0.19 | — | 0.12 | KEV | Jun 12, 2019 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view,… | ||
| CVE-2019-1040 | 0.07 | — | 0.90 | Jun 12, 2019 | A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security… | |||
| CVE-2019-0948 | 0.06 | — | 0.41 | Jun 12, 2019 | An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external… | |||
| CVE-2019-0888 | 0.05 | — | 0.57 | Jun 12, 2019 | A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that… | |||
| CVE-2019-1019 | 0.03 | — | 0.03 | Jun 12, 2019 | A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this… | |||
| CVE-2019-0943 | 0.03 | — | 0.04 | Jun 12, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then… | |||
| CVE-2019-0709 | 0.03 | — | 0.37 | Jun 12, 2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… | |||
| CVE-2020-17022 | 0.01 | — | 0.11 | Oct 16, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program… | |||
| CVE-2020-1319 | 0.01 | — | 0.12 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,… | |||
| CVE-2020-1585 | 0.01 | — | 0.17 | Aug 17, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or… | |||
| CVE-2019-1050 | 0.01 | — | 0.13 | Jun 12, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an… | |||
| CVE-2019-1025 | 0.01 | — | 0.17 | Jun 12, 2019 | A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected… | |||
| CVE-2019-1046 | 0.01 | — | 0.13 | Jun 12, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an… | |||
| CVE-2019-1012 | 0.01 | — | 0.13 | Jun 12, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an… | |||
| CVE-2019-1010 | 0.01 | — | 0.13 | Jun 12, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an… | |||
| CVE-2019-0906 | 0.01 | — | 0.09 | Jun 12, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | |||
| CVE-2019-0904 | 0.01 | — | 0.10 | Jun 12, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | |||
| CVE-2019-0905 | 0.01 | — | 0.10 | Jun 12, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… |
- risk 0.38cvss 5.3epss 0.01
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
- risk 0.21cvss —epss 0.33
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would…
- risk 0.19cvss —epss 0.12
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view,…
- CVE-2019-1040Jun 12, 2019risk 0.07cvss —epss 0.90
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security…
- CVE-2019-0948Jun 12, 2019risk 0.06cvss —epss 0.41
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external…
- CVE-2019-0888Jun 12, 2019risk 0.05cvss —epss 0.57
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that…
- CVE-2019-1019Jun 12, 2019risk 0.03cvss —epss 0.03
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this…
- CVE-2019-0943Jun 12, 2019risk 0.03cvss —epss 0.04
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then…
- CVE-2019-0709Jun 12, 2019risk 0.03cvss —epss 0.37
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
- CVE-2020-17022Oct 16, 2020risk 0.01cvss —epss 0.11
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program…
- CVE-2020-1319Sep 11, 2020risk 0.01cvss —epss 0.12
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…
- CVE-2020-1585Aug 17, 2020risk 0.01cvss —epss 0.17
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or…
- CVE-2019-1050Jun 12, 2019risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an…
- CVE-2019-1025Jun 12, 2019risk 0.01cvss —epss 0.17
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected…
- CVE-2019-1046Jun 12, 2019risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an…
- CVE-2019-1012Jun 12, 2019risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an…
- CVE-2019-1010Jun 12, 2019risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an…
- CVE-2019-0906Jun 12, 2019risk 0.01cvss —epss 0.09
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- CVE-2019-0904Jun 12, 2019risk 0.01cvss —epss 0.10
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- CVE-2019-0905Jun 12, 2019risk 0.01cvss —epss 0.10
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
Page 1 of 3