説明
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, spoof user interface.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Windows KernelStream can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A denial of service vulnerability in Windows Remote Desktop Service can be exploited remotely via specially crafted requests to cause denial of service.
- An elevation of privilege vulnerability in Windows Application Compatibility Client Library can be exploited remotely via specially crafted application to gain privileges.
- A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Event System can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows – User Profile Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
- An information disclosure vulnerability in NetBT can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Backup Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows COM Server can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Group Policy can be exploited remotely via specially crafted application to gain privileges.
オリジナルアドバイザリー
- CVE-2020-16887
- CVE-2020-16924
- CVE-2020-16863
- CVE-2020-16920
- CVE-2020-16922
- CVE-2020-16923
- CVE-2020-16902
- CVE-2020-16900
- CVE-2020-16940
- CVE-2020-16891
- CVE-2020-16897
- CVE-2020-16973
- CVE-2020-16972
- CVE-2020-16976
- CVE-2020-16975
- CVE-2020-16974
- CVE-2020-16936
- CVE-2020-16935
- CVE-2020-16914
- CVE-2020-16916
- CVE-2020-16939
- CVE-2020-16912
エクスプロイテーション
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
関連製品
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVEリスト
- CVE-2020-16923 critical
- CVE-2020-16889 high
- CVE-2020-16887 critical
- CVE-2020-16902 critical
- CVE-2020-16939 critical
- CVE-2020-16972 critical
- CVE-2020-16940 critical
- CVE-2020-16920 critical
- CVE-2020-16922 high
- CVE-2020-16924 critical
- CVE-2020-16900 critical
- CVE-2020-16891 critical
- CVE-2020-16897 high
- CVE-2020-16973 critical
- CVE-2020-16976 critical
- CVE-2020-16975 critical
- CVE-2020-16974 critical
- CVE-2020-16936 critical
- CVE-2020-16935 critical
- CVE-2020-16912 critical
- CVE-2020-16914 high
- CVE-2020-16916 critical
- CVE-2020-16863 critical
KBリスト
も参照してください
お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com
この脆弱性についての記述に不正確な点がありますか? お知らせください!