/Microsoft Windows Server 2019 : List of security vulnerabilities (via WindowsKernel.com)

Microsoft Windows Server 2019 : List of security vulnerabilities (via WindowsKernel.com)


# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.

1
CVE-2018-8637 200
Bypass +Info 2018-12-11 2019-01-03

2.1

None Local Low Not required Partial None None
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka “Win32k Information Disclosure Vulnerability.” This affects Windows 10 Servers, Windows 10, Windows Server 2019.

2
CVE-2018-8566 254
Bypass 2018-11-13 2018-12-17

2.1

None Local Low Not required Partial None None
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka “BitLocker Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

3
CVE-2018-8549 254
Bypass 2018-11-13 2018-12-17

2.1

None Local Low Not required None Partial None
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka “Windows Security Feature Bypass Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

4
CVE-2018-8492 254
Bypass 2018-10-10 2018-11-30

4.6

None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

5
CVE-2018-8417 284
Bypass 2018-11-13 2018-12-20

4.6

None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka “Microsoft JScript Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

6
CVE-2018-8320 254
Bypass 2018-10-10 2018-11-23

4.0

None Remote Low Single system Partial None None
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka “Windows DNS Security Feature Bypass Vulnerability.” This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Total number of vulnerabilities : 6  
Page :
1
(This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

This is a syndicated post. Read the original post at Source link .