Microsoft: >> Windows 10 1507 Security Vulnerabilities
CVE-2019-1429
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Known exploited
CVSS Score
7.5
EPSS Score
0.823
Published
2019-11-12
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.536
Published
2019-11-12
CVE-2019-1388
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.115
Published
2019-11-12
CVE-2019-1214
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.037
Published
2019-09-11
CVE-2019-1215
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Known exploited
CVSS Score
7.8
EPSS Score
0.081
Published
2019-09-11
CVE-2019-1130
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
Known exploited
CVSS Score
7.8
EPSS Score
0.019
Published
2019-07-15
CVE-2019-0880
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.041
Published
2019-07-15
CVE-2019-1069
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.
To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.
The security update addresses the vulnerability by correctly validating file operations.
Known exploited
CVSS Score
7.8
EPSS Score
0.305
Published
2019-06-12
CVE-2019-0903
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Known exploited
CVSS Score
8.8
EPSS Score
0.344
Published
2019-05-16
CVE-2019-0863
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.073
Published
2019-05-16