Microsoft: >> Windows Server 2008 >> r2 Security Vulnerabilities
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
CVSS Score
6.5
EPSS Score
0.296
Published
2019-06-12
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.
The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
CVSS Score
6.5
EPSS Score
0.173
Published
2019-06-12
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.
A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-06-12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
CVSS Score
8.8
EPSS Score
0.13
Published
2019-06-12
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
CVSS Score
7.5
EPSS Score
0.032
Published
2019-05-16
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882.
CVSS Score
6.5
EPSS Score
0.253
Published
2019-05-16
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
CVSS Score
7.5
EPSS Score
0.032
Published
2019-05-16
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.
CVSS Score
6.5
EPSS Score
0.207
Published
2019-05-16
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-05-16
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
CVSS Score
7.5
EPSS Score
0.465
Published
2019-05-16