Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities in Microsoft products (ESU)

Kaspersky ID:
KLA11694
Дата обнаружения:
11/02/2020
Обновлено:
06/06/2024

Описание

Multiple vulnerabilities were fixed in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  2. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges.
  3. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  4. An elevation of privilege vulnerability in Windows Backup Service can be exploited remotely via specially crafted application to gain privileges.
  5. An information disclosure vulnerability in Windows Key Isolation Service can be exploited remotely via specially crafted application to obtain sensitive information.
  6. An information disclosure vulnerability in Windows Network Driver Interface Specification (NDIS) can be exploited remotely via specially crafted application to obtain sensitive information.
  7. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
  8. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Search Indexer can be exploited remotely via specially crafted application to gain privileges.
  10. An elevation of privilege vulnerability in Active Directory can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  12. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows Function Discovery Service can be exploited remotely via specially crafted application to gain privileges.
  14. An elevation of privilege vulnerability in Windows Installer can be exploited remotely via specially crafted application to gain privileges.
  15. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  16. A remote code execution vulnerability in Windows Imaging Library can be exploited remotely via specially crafted file to execute arbitrary code.
  17. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  18. A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
  19. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via specially crafted application to gain privileges.
  20. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  21. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
  22. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
  23. A remote code execution vulnerability in Remote Desktop Services can be exploited remotely to execute arbitrary code.
  24. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to obtain sensitive information.
  25. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
  26. An information disclosure vulnerability in Windows can be exploited remotely via specially crafted application to obtain sensitive information.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2020-0730
    high
  • CVE-2020-0703
    critical
  • CVE-2020-0729
    critical
  • CVE-2020-0705
    high
  • CVE-2020-0722
    critical
  • CVE-2020-0723
    critical
  • CVE-2020-0720
    critical
  • CVE-2020-0721
    critical
  • CVE-2020-0726
    critical
  • CVE-2020-0724
    critical
  • CVE-2020-0725
    critical
  • CVE-2020-0662
    critical
  • CVE-2020-0667
    critical
  • CVE-2020-0666
    critical
  • CVE-2020-0665
    critical
  • CVE-2020-0668
    critical
  • CVE-2020-0734
    critical
  • CVE-2020-0681
    critical
  • CVE-2020-0680
    critical
  • CVE-2020-0683
    critical
  • CVE-2020-0682
    critical
  • CVE-2020-0686
    critical
  • CVE-2020-0708
    critical
  • CVE-2020-0657
    critical
  • CVE-2020-0719
    critical
  • CVE-2020-0715
    critical
  • CVE-2020-0678
    critical
  • CVE-2020-0731
    critical
  • CVE-2020-0675
    high
  • CVE-2020-0676
    high
  • CVE-2020-0677
    high
  • CVE-2020-0737
    critical
  • CVE-2020-0736
    high
  • CVE-2020-0753
    critical
  • CVE-2020-0752
    critical
  • CVE-2020-0655
    critical
  • CVE-2020-0756
    high
  • CVE-2020-0755
    high
  • CVE-2020-0738
    critical
  • CVE-2020-0735
    critical
  • CVE-2020-0754
    critical
  • CVE-2020-0658
    high
  • CVE-2020-0744
    high
  • CVE-2020-0691
    critical
  • CVE-2020-0748
    high
  • CVE-2020-0698
    high
  • CVE-2020-0745
    critical
  • CVE-2020-0674
    critical
  • CVE-2020-0673
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Related articles
10 July 2025
Securelist
Подсветка кода в Cursor AI за 500 000 долларов
08 July 2025
Securelist
Подход к тестированию на проникновение мейнфреймов на базе z/OS. Погружение в RACF
07 July 2025
Securelist
Шпион Batavia крадет данные российских организаций
25 June 2025
Securelist
ИИ и инструменты совместной работы: отчет об угрозах для малого и среднего бизнеса в 2025 году
23 June 2025
Securelist
SparkKitty, младший брат SparkCat: новый шпион в App Store и Google Play
11 June 2025
Securelist
Токсичная тенденция: очередной зловред маскируется под DeepSeek
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
Confirm changes?
Your message has been sent successfully.