Kaspersky ID:
KLA11703
Дата обнаружения:
14/01/2020
Обновлено:
22/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows Search Indexer can be exploited remotely via specially crafted application to gain privileges.
  3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  4. An information disclosure vulnerability in Windows GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
  5. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  6. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
  7. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  8. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
  9. An information disclosure vulnerability in Remote Desktop Web Access can be exploited remotely to obtain sensitive information.
  10. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to obtain sensitive information.
  11. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  12. An information disclosure vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to obtain sensitive information.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2020-0640
    critical
  • CVE-2020-0608
    warning
  • CVE-2020-0625
    warning
  • CVE-2020-0620
    warning
  • CVE-2020-0629
    warning
  • CVE-2020-0628
    warning
  • CVE-2020-0643
    warning
  • CVE-2020-0642
    high
  • CVE-2020-0607
    warning
  • CVE-2020-0630
    warning
  • CVE-2020-0631
    warning
  • CVE-2020-0632
    warning
  • CVE-2020-0634
    high
  • CVE-2020-0635
    high
  • CVE-2020-0637
    warning
  • CVE-2020-0639
    warning
  • CVE-2020-0611
    high
  • CVE-2020-0615
    warning
  • CVE-2020-0627
    warning
  • CVE-2020-0626
    warning

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.