Description
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Group Policy Services Policy Processing can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Modules Installer can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Hyper-V RemoteFX vGPU can be exploited remotely via specially crafted application to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Profile Service can be exploited remotely via specially crafted application to gain privileges.
- A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted authentication to cause denial of service.
- An elevation of privilege vulnerability in Windows Event Logging Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Network Location Awareness Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows Font Library can be exploited remotely via specially crafted fonts to execute arbitrary code.
- An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Imaging Component can be exploited remotely via specially crafted website to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Network Connections Service can be exploited to gain privileges.
- A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Windows Address Book can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Function Discovery Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Windows Jet Database Enginecan be exploited via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
- A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
- A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
Original advisories
- CVE-2020-1384
- CVE-2020-1346
- CVE-2020-1389
- CVE-2020-1032
- CVE-2020-1036
- CVE-2020-1360
- CVE-2020-1267
- CVE-2020-1365
- CVE-2020-1354
- CVE-2020-1419
- CVE-2020-1438
- CVE-2020-1435
- CVE-2020-1412
- CVE-2020-1437
- CVE-2020-1436
- CVE-2020-1430
- CVE-2020-1428
- CVE-2020-1396
- CVE-2020-1397
- CVE-2020-1390
- CVE-2020-1359
- CVE-2020-1371
- CVE-2020-1350
- CVE-2020-1351
- CVE-2020-1040
- CVE-2020-1041
- CVE-2020-1042
- CVE-2020-1043
- CVE-2020-1373
- CVE-2020-1410
- CVE-2020-1374
- CVE-2020-1085
- CVE-2020-1407
- CVE-2020-1400
- CVE-2020-1401
- CVE-2020-1402
- CVE-2020-1403
- CVE-2020-1427
- CVE-2020-1468
- CVE-2020-1408
- CVE-2020-1409
- CVE-2020-1421
- ADV200008
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Office
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Microsoft-Windows-Server-2003
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2020-1403 critical
- CVE-2020-1333 warning
- CVE-2020-1384 warning
- CVE-2020-1346 warning
- CVE-2020-1389 warning
- CVE-2020-1032 critical
- CVE-2020-1036 critical
- CVE-2020-1360 warning
- CVE-2020-1267 warning
- CVE-2020-1365 warning
- CVE-2020-1354 warning
- CVE-2020-1419 warning
- CVE-2020-1438 warning
- CVE-2020-1435 critical
- CVE-2020-1412 critical
- CVE-2020-1437 warning
- CVE-2020-1436 high
- CVE-2020-1430 warning
- CVE-2020-1428 warning
- CVE-2020-1396 warning
- CVE-2020-1397 warning
- CVE-2020-1390 warning
- CVE-2020-1359 warning
- CVE-2020-1371 warning
- CVE-2020-1350 critical
- CVE-2020-1351 warning
- CVE-2020-1040 critical
- CVE-2020-1041 critical
- CVE-2020-1042 critical
- CVE-2020-1043 critical
- CVE-2020-1373 warning
- CVE-2020-1410 critical
- CVE-2020-1374 high
- CVE-2020-1085 warning
- CVE-2020-1407 critical
- CVE-2020-1400 critical
- CVE-2020-1401 critical
- CVE-2020-1402 high
- CVE-2020-1427 warning
- CVE-2020-1468 warning
- CVE-2020-1408 critical
- CVE-2020-1409 critical
- CVE-2020-1421 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!