Vulnerabilities for Windows server 2012 (Microsoft) - CXSECURITY.COM

Vulnerabilities for 'Windows server 2012'

2019-06-12

CVE-2019-1053

CWE-264

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.

CVE-2019-1050

CWE-200

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049.

CVE-2019-1046

CWE-200

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.

CVE-2019-1045

CWE-264

An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory, aka 'Windows Network File System Elevation of Privilege Vulnerability'.

CVE-2019-1043

CWE-119

A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.

CVE-2019-1040

CWE-254

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.

CVE-2019-1039

CWE-200

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'.

CVE-2019-1028

CWE-264

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027.

CVE-2019-1025

CWE-119

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

CVE-2019-1019

CWE-254

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.

Copyright 2019, cxsecurity.com