Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
2. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
4. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted network to cause denial of service.
5. An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted request to gain privileges.
6. A security feature bypass vulnerability in Windows Task Scheduler can be exploited remotely via specially crafted request to bypass security restrictions.
7. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
9. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
10. An elevation of privilege vulnerability in Windows Remote Access Common Dialog can be exploited remotely to gain privileges.
11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
12. A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
13. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
14. An information disclosure vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to obtain sensitive information.
15. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
16. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
17. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
18. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
19. A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
20. A remote code execution vulnerability in Microsoft Script Runtime can be exploited remotely via specially crafted website to execute arbitrary code.
21. An elevation of privilege vulnerability in Windows Printer Service can be exploited remotely via specially crafted application to gain privileges.
22. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
23. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.

Первичный источник обнаружения

• CVE-2020-0963
  CVE-2020-1078
  CVE-2020-1174
  CVE-2020-1179
  CVE-2020-0909
  CVE-2020-1112
  CVE-2020-1113
  CVE-2020-1176
  CVE-2020-1035
  CVE-2020-1114
  CVE-2020-1154
  CVE-2020-1071
  CVE-2020-1070
  CVE-2020-1150
  CVE-2020-1054
  CVE-2020-1116
  CVE-2020-1058
  CVE-2020-1093
  CVE-2020-1092
  CVE-2020-1051
  CVE-2020-1048
  CVE-2020-1141
  CVE-2020-1153
  CVE-2020-1067
  CVE-2020-1064
  CVE-2020-1062
  CVE-2020-1143
  CVE-2020-1060
  CVE-2020-1061
  CVE-2020-1175
  CVE-2020-1081
  CVE-2020-1072
  CVE-2020-1010
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2020-1064
  critical
• CVE-2020-1062
  critical
• CVE-2020-1060
  critical
• CVE-2020-1058
  critical
• CVE-2020-1093
  critical
• CVE-2020-1092
  critical
• CVE-2020-1035
  critical
• CVE-2020-1048
  high
• CVE-2020-0963
  warning
• CVE-2020-1112
  critical
• CVE-2020-1179
  warning
• CVE-2020-0909
  warning
• CVE-2020-1174
  critical
• CVE-2020-1113
  critical
• CVE-2020-1176
  critical
• CVE-2020-1116
  warning
• CVE-2020-1114
  high
• CVE-2020-1071
  high
• CVE-2020-1070
  high
• CVE-2020-1072
  warning
• CVE-2020-1078
  warning
• CVE-2020-1054
  high
• CVE-2020-1143
  high
• CVE-2020-1067
  critical
• CVE-2020-1051
  critical
• CVE-2020-1154
  high
• CVE-2020-1153
  critical
• CVE-2020-1141
  warning
• CVE-2020-1061
  critical
• CVE-2020-1175
  critical
• CVE-2020-1081
  high
• CVE-2020-1010
  high
• CVE-2020-1150
  high

Список KB

• 4556860
• 4556798
• 4556836
• 4556854
• 4556843

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com