Beschreibung
Multiple vulnerabilities were found in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows Imaging Component can be exploited remotely via specially crafted website to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Hard Link can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges.
- An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Language Pack Installer can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Graphics Component can be exploited remotely via specially crafted document to obtain sensitive information.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- A tampering vulnerability in Microsoft IIS Server can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
Ursprüngliche Informationshinweise
- CVE-2020-0832
- CVE-2020-0853
- CVE-2020-0877
- CVE-2020-0874
- CVE-2020-0871
- CVE-2020-0769
- CVE-2020-0849
- CVE-2020-0879
- CVE-2020-0788
- CVE-2020-0781
- CVE-2020-0783
- CVE-2020-0785
- CVE-2020-0787
- CVE-2020-0684
- CVE-2020-0806
- CVE-2020-0804
- CVE-2020-0803
- CVE-2020-0802
- CVE-2020-0822
- CVE-2020-0843
- CVE-2020-0842
- CVE-2020-0847
- CVE-2020-0860
- CVE-2020-0845
- CVE-2020-0844
- CVE-2020-0887
- CVE-2020-0885
- CVE-2020-0883
- CVE-2020-0882
- CVE-2020-0881
- CVE-2020-0880
- CVE-2020-0774
- CVE-2020-0645
- CVE-2020-0771
- CVE-2020-0770
- CVE-2020-0773
- CVE-2020-0772
- CVE-2020-0779
- CVE-2020-0778
- CVE-2020-0791
Ausnutzung
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Betroffene Produkte
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE Liste
- CVE-2020-0832 critical
- CVE-2020-0847 critical
- CVE-2020-0779 high
- CVE-2020-0814 critical
- CVE-2020-0788 critical
- CVE-2020-0853 high
- CVE-2020-0877 critical
- CVE-2020-0874 high
- CVE-2020-0871 high
- CVE-2020-0787 critical
- CVE-2020-0849 critical
- CVE-2020-0879 high
- CVE-2020-0645 critical
- CVE-2020-0781 critical
- CVE-2020-0783 critical
- CVE-2020-0882 high
- CVE-2020-0785 high
- CVE-2020-0769 critical
- CVE-2020-0684 critical
- CVE-2020-0774 high
- CVE-2020-0845 critical
- CVE-2020-0806 critical
- CVE-2020-0804 critical
- CVE-2020-0803 critical
- CVE-2020-0802 critical
- CVE-2020-0822 critical
- CVE-2020-0842 critical
- CVE-2020-0843 critical
- CVE-2020-0860 critical
- CVE-2020-0844 critical
- CVE-2020-0887 critical
- CVE-2020-0885 warning
- CVE-2020-0883 critical
- CVE-2020-0881 critical
- CVE-2020-0880 high
- CVE-2020-0771 critical
- CVE-2020-0773 critical
- CVE-2020-0772 critical
- CVE-2020-0778 critical
- CVE-2020-0791 critical
- CVE-2020-0770 critical
KB Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!