Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA11773
Detect Date:
05/12/2020
Updated:
01/28/2026

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
  3. A denial of service vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely via specially crafted application to cause denial of service.
  4. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
  5. An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted request to gain privileges.
  6. An elevation of privilege vulnerability in Windows State Repository Service can be exploited remotely via specially crafted application to gain privileges.
  7. A denial of service vulnerability in Microsoft Windows Transport Layer Security can be exploited remotely via specially crafted request to cause denial of service.
  8. A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
  9. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted network to cause denial of service.
  10. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  11. A security feature bypass vulnerability in Windows Task Scheduler can be exploited remotely via specially crafted request to bypass security restrictions.
  12. An elevation of privilege vulnerability in Windows Clipboard Service can be exploited remotely via specially crafted application to gain privileges.
  13. An information disclosure vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to obtain sensitive information.
  14. A remote code execution vulnerability in Microsoft Color Management can be exploited remotely via specially crafted website to execute arbitrary code.
  15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  16. An elevation of privilege vulnerability in Windows Runtime can be exploited remotely via specially crafted application to gain privileges.
  17. An elevation of privilege vulnerability in Windows Remote Access Common Dialog can be exploited remotely to gain privileges.
  18. Unspecified Active Directory Federation Services can be exploited remotely via specially crafted request to spoof user interface.
  19. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  20. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely via specially crafted application to gain privileges.
  21. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.
  22. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  24. An elevation of privilege vulnerability in Windows Storage Service can be exploited remotely via specially crafted application to gain privileges.
  25. An information disclosure vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to obtain sensitive information.
  26. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
  27. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  28. An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
  29. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
  30. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
  31. A remote code execution vulnerability in Microsoft Script Runtime can be exploited remotely via specially crafted website to execute arbitrary code.
  32. An elevation of privilege vulnerability in Windows Printer Service can be exploited remotely via specially crafted application to gain privileges.
  33. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via specially crafted application to gain privileges.
  34. An elevation of privilege vulnerability in DirectX can be exploited remotely via specially crafted application to gain privileges.
  35. An elevation of privilege vulnerability in Windows Push Notification Service can be exploited remotely via specially crafted application to gain privileges.
  36. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service.
  37. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2020-1145
    high
  • CVE-2020-1048
    critical
  • CVE-2020-1084
    high
  • CVE-2020-0963
    high
  • CVE-2020-1112
    critical
  • CVE-2020-1131
    critical
  • CVE-2020-1118
    critical
  • CVE-2020-1134
    critical
  • CVE-2020-1179
    high
  • CVE-2020-1136
    critical
  • CVE-2020-0909
    critical
  • CVE-2020-1174
    critical
  • CVE-2020-1113
    critical
  • CVE-2020-1176
    critical
  • CVE-2020-1111
    critical
  • CVE-2020-1116
    high
  • CVE-2020-1117
    critical
  • CVE-2020-1114
    critical
  • CVE-2020-1156
    critical
  • CVE-2020-1157
    critical
  • CVE-2020-1077
    critical
  • CVE-2020-1155
    critical
  • CVE-2020-1071
    high
  • CVE-2020-1070
    critical
  • CVE-2020-1055
    high
  • CVE-2020-1072
    high
  • CVE-2020-1110
    critical
  • CVE-2020-1079
    critical
  • CVE-2020-1078
    critical
  • CVE-2020-1158
    critical
  • CVE-2020-1090
    critical
  • CVE-2020-1139
    critical
  • CVE-2020-1054
    critical
  • CVE-2020-1190
    critical
  • CVE-2020-1191
    critical
  • CVE-2020-1138
    critical
  • CVE-2020-1143
    critical
  • CVE-2020-1075
    high
  • CVE-2020-1067
    critical
  • CVE-2020-1125
    critical
  • CVE-2020-1051
    critical
  • CVE-2020-1109
    critical
  • CVE-2020-1126
    critical
  • CVE-2020-1028
    critical
  • CVE-2020-1154
    critical
  • CVE-2020-1123
    high
  • CVE-2020-1121
    critical
  • CVE-2020-1142
    critical
  • CVE-2020-1021
    critical
  • CVE-2020-1153
    critical
  • CVE-2020-1088
    critical
  • CVE-2020-1144
    critical
  • CVE-2020-1141
    high
  • CVE-2020-1166
    critical
  • CVE-2020-1165
    critical
  • CVE-2020-1061
    critical
  • CVE-2020-1175
    critical
  • CVE-2020-1081
    critical
  • CVE-2020-1082
    critical
  • CVE-2020-1151
    critical
  • CVE-2020-1149
    critical
  • CVE-2020-1132
    critical
  • CVE-2020-1086
    critical
  • CVE-2020-1087
    critical
  • CVE-2020-1010
    critical
  • CVE-2020-1068
    critical
  • CVE-2020-1140
    critical
  • CVE-2020-1124
    critical
  • CVE-2020-1137
    critical
  • CVE-2020-1184
    critical
  • CVE-2020-1187
    critical
  • CVE-2020-1186
    critical
  • CVE-2020-1189
    critical
  • CVE-2020-1188
    critical
  • CVE-2020-1185
    critical
  • CVE-2020-1164
    critical
  • CVE-2020-1076
    high
  • CVE-2020-1135
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
05 February 2026
Securelist
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
03 February 2026
Securelist
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
29 January 2026
Securelist
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
27 January 2026
Securelist
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.