Kaspersky ID:
KLA11777
Detect Date:
05/12/2020
Updated:
01/22/2024

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  4. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted network to cause denial of service.
  5. An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted request to gain privileges.
  6. A security feature bypass vulnerability in Windows Task Scheduler can be exploited remotely via specially crafted request to bypass security restrictions.
  7. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  9. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  10. An elevation of privilege vulnerability in Windows Remote Access Common Dialog can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
  12. A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
  13. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  14. An information disclosure vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to obtain sensitive information.
  15. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  16. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  17. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
  18. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
  19. A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  20. A remote code execution vulnerability in Microsoft Script Runtime can be exploited remotely via specially crafted website to execute arbitrary code.
  21. An elevation of privilege vulnerability in Windows Printer Service can be exploited remotely via specially crafted application to gain privileges.
  22. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  23. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2020-1064
    critical
  • CVE-2020-1062
    critical
  • CVE-2020-1060
    critical
  • CVE-2020-1058
    critical
  • CVE-2020-1093
    critical
  • CVE-2020-1092
    critical
  • CVE-2020-1035
    critical
  • CVE-2020-1048
    high
  • CVE-2020-0963
    warning
  • CVE-2020-1112
    critical
  • CVE-2020-1179
    warning
  • CVE-2020-0909
    warning
  • CVE-2020-1174
    critical
  • CVE-2020-1113
    critical
  • CVE-2020-1176
    critical
  • CVE-2020-1116
    warning
  • CVE-2020-1114
    high
  • CVE-2020-1071
    high
  • CVE-2020-1070
    high
  • CVE-2020-1072
    warning
  • CVE-2020-1078
    warning
  • CVE-2020-1054
    high
  • CVE-2020-1143
    high
  • CVE-2020-1067
    critical
  • CVE-2020-1051
    critical
  • CVE-2020-1154
    high
  • CVE-2020-1153
    critical
  • CVE-2020-1141
    warning
  • CVE-2020-1061
    critical
  • CVE-2020-1175
    critical
  • CVE-2020-1081
    high
  • CVE-2020-1010
    high
  • CVE-2020-1150
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.