SB2019111216 - Multiple vulnerabilities in Microsoft Windows kernel
Published: November 12, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-1392)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
2) Resource management error (CVE-ID: CVE-2019-11135)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the TSX Asynchronous Abort (TAA) in Intel CPUs. The TAA condition, on some microprocessors utilizing speculative execution, may allow an authenticated user to potentially enable information disclosure via a side channel.Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135
- https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort