SECUI Corporation


	Korean

<< Back

VID	26834
Severity	40
Port	139,445
Protocol	TCP
Class	SMB
Detailed Description	Microsoft Security Update for September 2019 is not installed. - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. (CVE-2019-1235) - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282) - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1274) - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2019-1283) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250) - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267) - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280) - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. (CVE-2019-1293) * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: https://support.microsoft.com/en-us/help/4009469 https://support.microsoft.com/en-us/help/4009470 https://support.microsoft.com/en-us/help/4009471 https://support.microsoft.com/en-us/help/4000825 * Platforms Affected: Windows Server 2008 SP2 Windows Server 2008 x64 SP2 Windows 7 SP1 Windows 7 x64 SP1 Windows Server 2008 R2 SP1 Windows Server 2008 R2 x64 SP1 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 Windows 10 Windows Server 2016
Recommendation	Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin September 2019 Microsoft security update at https://support.microsoft.com/en-us/help/4009469 https://support.microsoft.com/en-us/help/4009470 https://support.microsoft.com/en-us/help/4009471 https://support.microsoft.com/en-us/help/4000825 -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL	CVE-2019-1208,CVE-2019-1214,CVE-2019-1215,CVE-2019-1216,CVE-2019-1219,CVE-2019-1220,CVE-2019-1221,CVE-2019-1235,CVE-2019-1236,CVE-2019-1240 (CVE)
Related URL	(SecurityFocus)
Related URL	(ISS)