Virus & Amaran Keselamatan
| Nama Kelemahan | Keterukan | Tarikh Penasihat |
|---|---|---|
| December 2019 - Microsoft Releases Security Patches |
Microsoft addresses several vulnerabilities in its December security bulletin. Trend Micro Deep Security covers the following: CVE-2019-0617 - Jet Database Engine Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the Windows Jet Database engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file. CVE-2019-1485 - VBScript Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the improper handling of objects in memory by VBScript engine. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted. CVE-2019-0853 - GDI Remote Code Execution Vulnerability Risk Rating: Critical This remote code execution vulnerability exists in the improper handling of objects by the Windows Graphics Device Interface (GDI). Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file via file-sharing. CVE-2019-1458 - Win32k Elevation of Privilege Vulnerability Risk Rating: Important This elevation of privilege vulnerability exists in the improper handling of objects by the the Win32k component in Windows. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted application. CVE-2019-1439 - Windows GDI Information Disclosure Vulnerability Risk Rating: Important This information disclosure vulnerability exists in the improper handling of objects in memory by the Windows GDI component. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document. CVE-2019-1117 - DirectWrite Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document. CVE-2019-1118 - DirectWrite Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document. CVE-2019-1119 - DirectWrite Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document. CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability Risk Rating: Important This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows Common Log File System. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted application. Read More |
11/12/2019 |
| November 2019 - Microsoft Releases Security Patches |
Microsoft addresses several vulnerabilities in its November security bulletin. Trend Micro Deep Security covers the following: CVE-2019-1390 - BScript Remote Code Execution Vulnerability Risk Rating: Critical This remote code execution vulnerability exists in the VBScript engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted. CVE-2019-1429 - Scripting Engine Memory Corruption Vulnerability Risk Rating: Critical This elevation of privilege vulnerability exists in the improper handling of objects in memory by the scripting engine in Internet Explorer. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted. CVE-2019-1359 - Jet Database Engine Remote Code Execution Vulnerability Risk Rating: Critical This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file. CVE-2019-1358 - Jet Database Engine Remote Code Execution Vulnerability Risk Rating: Critical This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file. CVE-2019-1311 - Windows Imaging API Remote Code Execution Vulnerability Risk Rating: Important This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Imaging API. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted .WIM file. Read More |
12/11/2019 |
| February 2016 - Microsoft Releases 13 Security Advisories |
Microsoft addresses the following vulnerabilities in its February batch of patches: (MS16-009) Cumulative Security Update for Internet Explorer (3134220) Risk Rating: Critical This security update resolves several vulnerabilities in Internet Explorer.The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Read More |
05/11/2019 |
| March 2016 - Microsoft Releases 13 Security Advisories |
Microsoft addresses the following vulnerabilities in its March batch of patches: (MS16-023) Cumulative Security Update for Internet Explorer (3142015) Risk Rating: Critical This security update resolves several vulnerabilities in Internet Explorer.The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Read More |
05/11/2019 |
| Adobe Flash Player Vulnerability (CVE-2016-1019) |
This vulnerability, tagged as ‘critical’ is found in Adobe Flash Player 21.0. Read More |
05/11/2019 |
