Описание
Multiple vulnerabilities were found in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows Imaging Component can be exploited remotely via specially crafted website to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Hard Link can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges.
- An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Language Pack Installer can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Windows Graphics Component can be exploited remotely via specially crafted document to obtain sensitive information.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- A tampering vulnerability in Microsoft IIS Server can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
Первичный источник обнаружения
- CVE-2020-0814
CVE-2020-0832
CVE-2020-0853
CVE-2020-0877
CVE-2020-0874
CVE-2020-0871
CVE-2020-0769
CVE-2020-0849
CVE-2020-0879
CVE-2020-0788
CVE-2020-0781
CVE-2020-0783
CVE-2020-0785
CVE-2020-0787
CVE-2020-0684
CVE-2020-0806
CVE-2020-0804
CVE-2020-0803
CVE-2020-0802
CVE-2020-0822
CVE-2020-0843
CVE-2020-0842
CVE-2020-0847
CVE-2020-0860
CVE-2020-0845
CVE-2020-0844
CVE-2020-0887
CVE-2020-0885
CVE-2020-0883
CVE-2020-0882
CVE-2020-0881
CVE-2020-0880
CVE-2020-0774
CVE-2020-0645
CVE-2020-0771
CVE-2020-0770
CVE-2020-0773
CVE-2020-0772
CVE-2020-0779
CVE-2020-0778
CVE-2020-0791
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
Список CVE
- CVE-2020-0832 critical
- CVE-2020-0847 critical
- CVE-2020-0779 high
- CVE-2020-0814 critical
- CVE-2020-0788 critical
- CVE-2020-0853 high
- CVE-2020-0877 critical
- CVE-2020-0874 high
- CVE-2020-0871 high
- CVE-2020-0787 critical
- CVE-2020-0849 critical
- CVE-2020-0879 high
- CVE-2020-0645 critical
- CVE-2020-0781 critical
- CVE-2020-0783 critical
- CVE-2020-0882 high
- CVE-2020-0785 high
- CVE-2020-0769 critical
- CVE-2020-0684 critical
- CVE-2020-0774 high
- CVE-2020-0845 critical
- CVE-2020-0806 critical
- CVE-2020-0804 critical
- CVE-2020-0803 critical
- CVE-2020-0802 critical
- CVE-2020-0822 critical
- CVE-2020-0842 critical
- CVE-2020-0843 critical
- CVE-2020-0860 critical
- CVE-2020-0844 critical
- CVE-2020-0887 critical
- CVE-2020-0885 warning
- CVE-2020-0883 critical
- CVE-2020-0881 critical
- CVE-2020-0880 high
- CVE-2020-0771 critical
- CVE-2020-0773 critical
- CVE-2020-0772 critical
- CVE-2020-0778 critical
- CVE-2020-0791 critical
- CVE-2020-0770 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!