Kaspersky Threats

Detect date

?

07/14/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

An information disclosure vulnerability in Skype for Business via Microsoft Edge (EdgeHTML-based) can be exploited remotely via specially crafted to obtain sensitive information.
An information disclosure vulnerability in Skype for Business via Internet Explorer can be exploited remotely via specially crafted to obtain sensitive information.
An information disclosure vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to obtain sensitive information.
A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 9
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-1462
CVE-2020-1432
CVE-2020-1433
CVE-2020-1403

Impacts

?

ACE

[?]

OSI

[?]

Detect date ?	07/14/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Skype for Business via Microsoft Edge (EdgeHTML-based) can be exploited remotely via specially crafted to obtain sensitive information. An information disclosure vulnerability in Skype for Business via Internet Explorer can be exploited remotely via specially crafted to obtain sensitive information. An information disclosure vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to obtain sensitive information. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Internet Explorer 9 Internet Explorer 11 Microsoft Edge (EdgeHTML-based)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-1462 CVE-2020-1432 CVE-2020-1433 CVE-2020-1403
Impacts ?	ACE [?] OSI [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2020-14624.3Warning CVE-2020-14324.3Warning CVE-2020-14334.3Warning CVE-2020-14037.6Critical
KB list	4565541 4565524 4558998 4565489 4565479 4565483 4565508 4565511 4565513 4565537 4565503
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11858Multiple vulnerabilities in Microsoft Browser

KLA11858
Multiple vulnerabilities in Microsoft Browser