Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Diagnostics Hub can be exploited remotely via specially crafted application to gain privileges.
2. An elevation of privilege vulnerability in Group Policy Services Policy Processing can be exploited remotely via specially crafted application to gain privileges.
3. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely via specially crafted application to gain privileges.
4. An elevation of privilege vulnerability in Windows Modules Installer can be exploited to gain privileges.
5. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
6. A remote code execution vulnerability in Hyper-V RemoteFX vGPU can be exploited remotely via specially crafted application to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Profile Service can be exploited remotely via specially crafted application to gain privileges.
8. A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted authentication to cause denial of service.
9. An elevation of privilege vulnerability in Windows Event Logging Service can be exploited remotely via specially crafted application to gain privileges.
10. An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely via specially crafted application to gain privileges.
11. An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
12. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
13. A remote code execution vulnerability in Microsoft Graphics Components can be exploited to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Network Location Awareness Service can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in Windows Font Library can be exploited remotely via specially crafted fonts to execute arbitrary code.
16. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
17. An information disclosure vulnerability in Windows Imaging Component can be exploited remotely to obtain sensitive information.
18. An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely to gain privileges.
19. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
20. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
21. A remote code execution vulnerability in Windows Address Book can be exploited remotely to execute arbitrary code.
22. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
23. An elevation of privilege vulnerability in Windows Function Discovery Service can be exploited remotely via specially crafted application to gain privileges.
24. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
25. A remote code execution vulnerability in Windows Jet Database Enginecan be exploited via specially crafted file to execute arbitrary code.
26. An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
27. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
28. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
29. A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
30. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via special crafted file to execute arbitrary code.
31. An elevation of privilege vulnerability in Windows Storage Services can be exploited remotely via specially crafted application to gain privileges.
32. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely via specially crafted application to gain privileges.
33. An elevation of privilege vulnerability in Windows Runtime can be exploited remotely via specially crafted application to gain privileges.
34. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
35. An information disclosure vulnerability in Windows Resource Policy can be exploited remotely via specially crafted application to obtain sensitive information.
36. An elevation of privilege vulnerability in Windows USO Core Worker can be exploited remotely via specially crafted application to gain privileges.
37. A remote code execution vulnerability in Windows Font Driver Host can be exploited remotely to execute arbitrary code.
38. An elevation of privilege vulnerability in Windows iSCSI Target Service can be exploited remotely via specially crafted application to gain privileges.
39. An elevation of privilege vulnerability in Windows System Events Broker can be exploited remotely via specially crafted application to gain privileges.
40. An elevation of privilege vulnerability in Windows Mobile Device Management Diagnostics can be exploited remotely via specially crafted application to gain privileges.
41. An elevation of privilege vulnerability in Windows Network List Service can be exploited remotely via specially crafted application to gain privileges.
42. An information disclosure vulnerability in Windows Mobile Device Management Diagnostics can be exploited remotely via specially crafted application to obtain sensitive information.
43. An elevation of privilege vulnerability in Windows SharedStream Library can be exploited remotely via specially crafted application to gain privileges.
44. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
45. An elevation of privilege vulnerability in Windows Push Notification Service can be exploited remotely via specially crafted application to gain privileges.
46. An information disclosure vulnerability in Windows Connected User Experiences and Telemetry Service can be exploited to obtain sensitive information.
47. An elevation of privilege vulnerability in Windows Credential Picker can be exploited remotely via specially crafted application to gain privileges.
48. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
49. An elevation of privilege vulnerability in Windows Lockscreen can be exploited remotely to gain privileges.
50. An information disclosure vulnerability in Windows Agent Activation Runtime can be exploited remotely via specially crafted application to obtain sensitive information.
51. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted script to gain privileges.
52. An information disclosure vulnerability in Windows WalletService can be exploited remotely via specially crafted application to obtain sensitive information.
53. An elevation of privilege vulnerability in Windows Picker Platform can be exploited remotely via specially crafted application to gain privileges.
54. A denial of service vulnerability in Windows WalletService can be exploited remotely via specially crafted application to cause denial of service.
55. An elevation of privilege vulnerability in Windows Print Workflow Service can be exploited remotely via specially crafted application to gain privileges.
56. An elevation of privilege vulnerability in Windows Credential Enrollment Manager Service can be exploited remotely via specially crafted application to gain privileges.
57. An elevation of privilege vulnerability in Windows Sync Host Service can be exploited remotely to gain privileges.
58. An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges.
59. An elevation of privilege vulnerability in Windows COM Server can be exploited remotely via specially crafted application to gain privileges.
60. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via specially crafted application to gain privileges.
61. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely via specially crafted application to gain privileges.
62. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges.
63. An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information.

Original advisories

• CVE-2020-1347

• CVE-2020-1346
• CVE-2020-1344
• CVE-2020-1267
• CVE-2020-1419
• CVE-2020-1418
• CVE-2020-1413
• CVE-2020-1412
• CVE-2020-1411
• CVE-2020-1410
• CVE-2020-1415
• CVE-2020-1414
• CVE-2020-1358
• CVE-2020-1359
• CVE-2020-1350
• CVE-2020-1351
• CVE-2020-1352
• CVE-2020-1353
• CVE-2020-1354
• CVE-2020-1355
• CVE-2020-1356
• CVE-2020-1357
• CVE-2020-1085
• CVE-2020-1404
• CVE-2020-1405
• CVE-2020-1406
• CVE-2020-1407
• CVE-2020-1400
• CVE-2020-1401
• CVE-2020-1402
• CVE-2020-1408
• CVE-2020-1409
• CVE-2020-1336
• CVE-2020-1333
• CVE-2020-1330
• CVE-2020-1463
• CVE-2020-1468
• CVE-2020-1382
• CVE-2020-1381
• CVE-2020-1387
• CVE-2020-1386
• CVE-2020-1385
• CVE-2020-1384
• CVE-2020-1389
• CVE-2020-1388
• CVE-2020-1398
• CVE-2020-1399
• CVE-2020-1394
• CVE-2020-1395
• CVE-2020-1396
• CVE-2020-1397
• CVE-2020-1390
• CVE-2020-1391
• CVE-2020-1392
• CVE-2020-1393
• CVE-2020-1040
• CVE-2020-1041
• CVE-2020-1042
• CVE-2020-1043
• CVE-2020-1032
• CVE-2020-1036
• CVE-2020-1361
• CVE-2020-1360
• CVE-2020-1363
• CVE-2020-1362
• CVE-2020-1365
• CVE-2020-1364
• CVE-2020-1367
• CVE-2020-1366
• CVE-2020-1369
• CVE-2020-1368
• CVE-2020-1438
• CVE-2020-1435
• CVE-2020-1434
• CVE-2020-1437
• CVE-2020-1436
• CVE-2020-1431
• CVE-2020-1430
• CVE-2020-1372
• CVE-2020-1373
• CVE-2020-1370
• CVE-2020-1371
• CVE-2020-1374
• CVE-2020-1375
• CVE-2020-1249
• CVE-2020-1428
• CVE-2020-1429
• CVE-2020-1426
• CVE-2020-1427
• CVE-2020-1424
• CVE-2020-1422
• CVE-2020-1423
• CVE-2020-1420
• CVE-2020-1421
• ADV200008

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVE list

• CVE-2020-1393
  critical
• CVE-2020-1333
  high
• CVE-2020-1384
  critical
• CVE-2020-1346
  critical
• CVE-2020-1389
  high
• CVE-2020-1032
  critical
• CVE-2020-1036
  critical
• CVE-2020-1360
  critical
• CVE-2020-1267
  warning
• CVE-2020-1365
  critical
• CVE-2020-1354
  critical
• CVE-2020-1419
  high
• CVE-2020-1438
  critical
• CVE-2020-1435
  critical
• CVE-2020-1412
  critical
• CVE-2020-1437
  critical
• CVE-2020-1436
  critical
• CVE-2020-1430
  critical
• CVE-2020-1428
  critical
• CVE-2020-1396
  critical
• CVE-2020-1397
  high
• CVE-2020-1390
  critical
• CVE-2020-1359
  critical
• CVE-2020-1371
  critical
• CVE-2020-1350
  critical
• CVE-2020-1351
  high
• CVE-2020-1040
  critical
• CVE-2020-1041
  critical
• CVE-2020-1042
  critical
• CVE-2020-1043
  critical
• CVE-2020-1373
  critical
• CVE-2020-1410
  critical
• CVE-2020-1374
  critical
• CVE-2020-1085
  critical
• CVE-2020-1407
  critical
• CVE-2020-1400
  critical
• CVE-2020-1401
  critical
• CVE-2020-1402
  critical
• CVE-2020-1427
  critical
• CVE-2020-1468
  high
• CVE-2020-1408
  critical
• CVE-2020-1409
  critical
• CVE-2020-1421
  critical
• CVE-2020-1347
  critical
• CVE-2020-1344
  critical
• CVE-2020-1418
  critical
• CVE-2020-1413
  critical
• CVE-2020-1411
  critical
• CVE-2020-1415
  critical
• CVE-2020-1414
  critical
• CVE-2020-1358
  high
• CVE-2020-1352
  critical
• CVE-2020-1353
  critical
• CVE-2020-1355
  critical
• CVE-2020-1356
  critical
• CVE-2020-1357
  critical
• CVE-2020-1404
  critical
• CVE-2020-1405
  high
• CVE-2020-1406
  critical
• CVE-2020-1336
  critical
• CVE-2020-1330
  high
• CVE-2020-1463
  critical
• CVE-2020-1382
  critical
• CVE-2020-1381
  critical
• CVE-2020-1387
  critical
• CVE-2020-1386
  high
• CVE-2020-1385
  critical
• CVE-2020-1388
  critical
• CVE-2020-1398
  high
• CVE-2020-1399
  critical
• CVE-2020-1394
  critical
• CVE-2020-1395
  critical
• CVE-2020-1391
  high
• CVE-2020-1392
  critical
• CVE-2020-1361
  high
• CVE-2020-1363
  critical
• CVE-2020-1362
  critical
• CVE-2020-1364
  high
• CVE-2020-1367
  high
• CVE-2020-1366
  critical
• CVE-2020-1369
  critical
• CVE-2020-1368
  critical
• CVE-2020-1434
  high
• CVE-2020-1431
  critical
• CVE-2020-1372
  critical
• CVE-2020-1370
  critical
• CVE-2020-1375
  critical
• CVE-2020-1249
  critical
• CVE-2020-1429
  critical
• CVE-2020-1426
  high
• CVE-2020-1424
  critical
• CVE-2020-1422
  critical
• CVE-2020-1423
  critical
• CVE-2020-1420
  high

KB list

• 4565541
• 4558998
• 4565489
• 4565483
• 4565508
• 4565511
• 4565513
• 4565537
• 4565503
• 4565540
• 4565554
• 4565553
• 4566425
• 4558997
• 4565911
• 4565912
• 4566785
• 4566426
• 4565535
• 4565552
• 4571692
• 4571694

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com