Microsoft: >> Windows 10 1803 Security Vulnerabilities
CVE-2019-1069
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.
To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.
The security update addresses the vulnerability by correctly validating file operations.
Known exploited
CVSS Score
7.8
EPSS Score
0.317
Published
2019-06-12
CVE-2019-0903
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Known exploited
CVSS Score
8.8
EPSS Score
0.507
Published
2019-05-16
CVE-2019-0863
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.135
Published
2019-05-16
CVE-2019-0859
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
Known exploited
CVSS Score
7.8
EPSS Score
0.102
Published
2019-04-09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.
CVSS Score
7.5
EPSS Score
0.083
Published
2019-04-09
CVE-2019-0841
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
Known exploited
CVSS Score
7.8
EPSS Score
0.861
Published
2019-04-09
CVE-2019-0752
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
Known exploited
CVSS Score
7.5
EPSS Score
0.92
Published
2019-04-09
CVE-2019-0797
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
Known exploited
CVSS Score
7.8
EPSS Score
0.03
Published
2019-04-09
CVE-2019-0703
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
Known exploited
CVSS Score
6.5
EPSS Score
0.088
Published
2019-04-09
CVE-2019-0676
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
Known exploited
CVSS Score
6.5
EPSS Score
0.296
Published
2019-03-05