Description
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows Remote Access can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows KernelStream can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
- A denial of service vulnerability in Windows Network File System can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
- An information disclosure vulnerability in Remote Desktop Protocol Server can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Port Class Library can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Canonical Display Driver can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Windows Function Discovery SSDP Provider can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
- A security feature bypass vulnerability in Kerberos KDC can be exploited remotely to bypass security restrictions.
Original advisories
- CVE-2020-17069
- CVE-2020-17087
- CVE-2020-17088
- CVE-2020-17045
- CVE-2020-17051
- CVE-2020-17047
- CVE-2020-17042
- CVE-2020-1599
- CVE-2020-17044
- CVE-2020-16997
- CVE-2020-17014
- CVE-2020-17038
- CVE-2020-17011
- CVE-2020-17029
- CVE-2020-17000
- CVE-2020-17001
- CVE-2020-17068
- CVE-2020-17036
- CVE-2020-17004
- CVE-2020-17049
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2020-17043 critical
- CVE-2020-17069 high
- CVE-2020-17087 critical
- CVE-2020-17088 critical
- CVE-2020-17045 high
- CVE-2020-17051 critical
- CVE-2020-17047 critical
- CVE-2020-17042 critical
- CVE-2020-1599 high
- CVE-2020-17044 critical
- CVE-2020-16997 critical
- CVE-2020-17014 critical
- CVE-2020-17038 critical
- CVE-2020-17011 critical
- CVE-2020-17029 high
- CVE-2020-17000 high
- CVE-2020-17001 critical
- CVE-2020-17068 critical
- CVE-2020-17036 high
- CVE-2020-17004 high
- CVE-2020-17049 high
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!