Multiple vulnerabilities in Microsoft products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
2. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
3. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
4. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
5. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
6. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
7. A remote code execution vulnerability in Microsoft Windows Codecs Library can be exploited remotely via specially crafted image to execute arbitrary code.
8. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
9. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
10. An elevation of privilege vulnerability in Microsoft Windows Update Client can be exploited remotely via specially crafted application to gain privileges.
11. An information disclosure vulnerability in Media Foundation can be exploited remotely via specially crafted file to obtain sensitive information.
12. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
13. A remote code execution vulnerability in Windows VBScript Engine can be exploited remotely via specially crafted website to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Work Folder Service can be exploited remotely via specially crafted application to gain privileges.
15. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
16. A denial of service vulnerability in Windows DNS can be exploited remotely to cause denial of service.
17. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
18. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
19. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
20. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
21. A remote code execution vulnerability in Adobe Font Manager Library can be exploited remotely via specially crafted document to execute arbitrary code.
22. An information disclosure in CPU Memory Access can be exploited remotely via specially crafted application to obtain sensitive information.

Первичный источник обнаружения

• CVE-2020-0968
  CVE-2020-0987
  CVE-2020-0982
  CVE-2020-0889
  CVE-2020-0960
  CVE-2020-0962
  CVE-2020-1007
  CVE-2020-0964
  CVE-2020-0965
  CVE-2020-0988
  CVE-2020-0967
  CVE-2020-0959
  CVE-2020-1015
  CVE-2020-1014
  CVE-2020-0946
  CVE-2020-1011
  CVE-2020-1009
  CVE-2020-0907
  CVE-2020-0895
  CVE-2020-1094
  CVE-2020-0687
  CVE-2020-0995
  CVE-2020-0994
  CVE-2020-0993
  CVE-2020-0992
  CVE-2020-0821
  CVE-2020-0999
  CVE-2020-1000
  CVE-2020-0953
  CVE-2020-0952
  CVE-2020-1004
  CVE-2020-1005
  CVE-2020-0957
  CVE-2020-0956
  CVE-2020-1008
  CVE-2020-0958
  CVE-2020-1020
  CVE-2020-1027
  CVE-2020-0938
  CVE-2020-0966
  CVE-2020-0955
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Microsoft-Windows-10

Список CVE

• CVE-2020-0968
  critical
• CVE-2020-0987
  warning
• CVE-2020-0982
  warning
• CVE-2020-0889
  critical
• CVE-2020-0960
  critical
• CVE-2020-0962
  warning
• CVE-2020-1007
  warning
• CVE-2020-0964
  critical
• CVE-2020-0965
  warning
• CVE-2020-0988
  critical
• CVE-2020-0967
  critical
• CVE-2020-0959
  critical
• CVE-2020-1015
  high
• CVE-2020-1014
  high
• CVE-2020-0946
  warning
• CVE-2020-1011
  high
• CVE-2020-1009
  high
• CVE-2020-0907
  critical
• CVE-2020-0895
  critical
• CVE-2020-1094
  high
• CVE-2020-0687
  critical
• CVE-2020-0995
  critical
• CVE-2020-0994
  critical
• CVE-2020-0993
  high
• CVE-2020-0992
  critical
• CVE-2020-0821
  warning
• CVE-2020-0999
  critical
• CVE-2020-1000
  high
• CVE-2020-0953
  critical
• CVE-2020-0952
  warning
• CVE-2020-1004
  high
• CVE-2020-1005
  warning
• CVE-2020-0957
  high
• CVE-2020-0956
  high
• CVE-2020-1008
  critical
• CVE-2020-0958
  high
• CVE-2020-1020
  high
• CVE-2020-1027
  high
• CVE-2020-0938
  high
• CVE-2020-0966
  critical
• CVE-2020-0955
  warning

Список KB

• 4550951
• 4550964
• 4550957
• 4550905
• 4550965

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com