NVD disclosure day
CVE-2019-1429
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A scripting engine memory corruption vulnerability in Internet Explorer may allow attackers to execute arbitrary code. This could affect organizations by compromising systems and data. The realistic business risk is significant, requiring prompt attention.
CVE-2019-1405
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in the Windows UPnP service allows local attackers to gain elevated privileges by improperly creating COM objects. This could affect organizations by enabling unauthorized access and control over Windows systems. The realistic business risk involves potential data compromise and system disruption if exp
CVE-2019-1388
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An elevation of privilege vulnerability exists in the Windows Certificate Dialog due to improper enforcement of user privileges. This allows an attacker with local access to execute processes with elevated rights. This presents a business risk of unauthorized system control and data compromise.
CVE-2019-1385
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A privilege escalation vulnerability exists in Windows AppX Deployment Extensions, allowing an authenticated attacker with local access to elevate privileges and access system files. This poses a risk of unauthorized data access or modification. Organizations should apply vendor security updates to affected Windows sys