Kaspersky ID:
KLA11777
Дата обнаружения:
12/05/2020
Обновлено:
22/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  4. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted network to cause denial of service.
  5. An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted request to gain privileges.
  6. A security feature bypass vulnerability in Windows Task Scheduler can be exploited remotely via specially crafted request to bypass security restrictions.
  7. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  9. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  10. An elevation of privilege vulnerability in Windows Remote Access Common Dialog can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
  12. A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
  13. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  14. An information disclosure vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to obtain sensitive information.
  15. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  16. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  17. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
  18. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
  19. A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  20. A remote code execution vulnerability in Microsoft Script Runtime can be exploited remotely via specially crafted website to execute arbitrary code.
  21. An elevation of privilege vulnerability in Windows Printer Service can be exploited remotely via specially crafted application to gain privileges.
  22. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  23. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2020-1064
    critical
  • CVE-2020-1062
    critical
  • CVE-2020-1060
    critical
  • CVE-2020-1058
    critical
  • CVE-2020-1093
    critical
  • CVE-2020-1092
    critical
  • CVE-2020-1035
    critical
  • CVE-2020-1048
    high
  • CVE-2020-0963
    warning
  • CVE-2020-1112
    critical
  • CVE-2020-1179
    warning
  • CVE-2020-0909
    warning
  • CVE-2020-1174
    critical
  • CVE-2020-1113
    critical
  • CVE-2020-1176
    critical
  • CVE-2020-1116
    warning
  • CVE-2020-1114
    high
  • CVE-2020-1071
    high
  • CVE-2020-1070
    high
  • CVE-2020-1072
    warning
  • CVE-2020-1078
    warning
  • CVE-2020-1054
    high
  • CVE-2020-1143
    high
  • CVE-2020-1067
    critical
  • CVE-2020-1051
    critical
  • CVE-2020-1154
    high
  • CVE-2020-1153
    critical
  • CVE-2020-1141
    warning
  • CVE-2020-1061
    critical
  • CVE-2020-1175
    critical
  • CVE-2020-1081
    high
  • CVE-2020-1010
    high
  • CVE-2020-1150
    high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.