Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Diagnostics Hub can be exploited remotely via specially crafted application to gain privileges.
2. An elevation of privilege vulnerability in Group Policy Services Policy Processing can be exploited remotely via specially crafted application to gain privileges.
3. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely via specially crafted application to gain privileges.
4. An elevation of privilege vulnerability in Windows Modules Installer can be exploited to gain privileges.
5. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
6. A remote code execution vulnerability in Hyper-V RemoteFX vGPU can be exploited remotely via specially crafted application to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Profile Service can be exploited remotely via specially crafted application to gain privileges.
8. A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted authentication to cause denial of service.
9. An elevation of privilege vulnerability in Windows Event Logging Service can be exploited remotely via specially crafted application to gain privileges.
10. An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely via specially crafted application to gain privileges.
11. An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
12. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
13. A remote code execution vulnerability in Microsoft Graphics Components can be exploited to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Network Location Awareness Service can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in Windows Font Library can be exploited remotely via specially crafted fonts to execute arbitrary code.
16. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
17. An information disclosure vulnerability in Windows Imaging Component can be exploited remotely to obtain sensitive information.
18. An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely to gain privileges.
19. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
20. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
21. A remote code execution vulnerability in Windows Address Book can be exploited remotely to execute arbitrary code.
22. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
23. An elevation of privilege vulnerability in Windows Function Discovery Service can be exploited remotely via specially crafted application to gain privileges.
24. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
25. A remote code execution vulnerability in Windows Jet Database Enginecan be exploited via specially crafted file to execute arbitrary code.
26. An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
27. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
28. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
29. A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
30. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via special crafted file to execute arbitrary code.
31. An elevation of privilege vulnerability in Windows Storage Services can be exploited remotely via specially crafted application to gain privileges.
32. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely via specially crafted application to gain privileges.
33. An elevation of privilege vulnerability in Windows Runtime can be exploited remotely via specially crafted application to gain privileges.
34. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
35. An information disclosure vulnerability in Windows Resource Policy can be exploited remotely via specially crafted application to obtain sensitive information.
36. An elevation of privilege vulnerability in Windows USO Core Worker can be exploited remotely via specially crafted application to gain privileges.
37. A remote code execution vulnerability in Windows Font Driver Host can be exploited remotely to execute arbitrary code.
38. An elevation of privilege vulnerability in Windows iSCSI Target Service can be exploited remotely via specially crafted application to gain privileges.
39. An elevation of privilege vulnerability in Windows System Events Broker can be exploited remotely via specially crafted application to gain privileges.
40. An elevation of privilege vulnerability in Windows Mobile Device Management Diagnostics can be exploited remotely via specially crafted application to gain privileges.
41. An elevation of privilege vulnerability in Windows Network List Service can be exploited remotely via specially crafted application to gain privileges.
42. An information disclosure vulnerability in Windows Mobile Device Management Diagnostics can be exploited remotely via specially crafted application to obtain sensitive information.
43. An elevation of privilege vulnerability in Windows SharedStream Library can be exploited remotely via specially crafted application to gain privileges.
44. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
45. An elevation of privilege vulnerability in Windows Push Notification Service can be exploited remotely via specially crafted application to gain privileges.
46. An information disclosure vulnerability in Windows Connected User Experiences and Telemetry Service can be exploited to obtain sensitive information.
47. An elevation of privilege vulnerability in Windows Credential Picker can be exploited remotely via specially crafted application to gain privileges.
48. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
49. An elevation of privilege vulnerability in Windows Lockscreen can be exploited remotely to gain privileges.
50. An information disclosure vulnerability in Windows Agent Activation Runtime can be exploited remotely via specially crafted application to obtain sensitive information.
51. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted script to gain privileges.
52. An information disclosure vulnerability in Windows WalletService can be exploited remotely via specially crafted application to obtain sensitive information.
53. An elevation of privilege vulnerability in Windows Picker Platform can be exploited remotely via specially crafted application to gain privileges.
54. A denial of service vulnerability in Windows WalletService can be exploited remotely via specially crafted application to cause denial of service.
55. An elevation of privilege vulnerability in Windows Print Workflow Service can be exploited remotely via specially crafted application to gain privileges.
56. An elevation of privilege vulnerability in Windows Credential Enrollment Manager Service can be exploited remotely via specially crafted application to gain privileges.
57. An elevation of privilege vulnerability in Windows Sync Host Service can be exploited remotely to gain privileges.
58. An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges.
59. An elevation of privilege vulnerability in Windows COM Server can be exploited remotely via specially crafted application to gain privileges.
60. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via specially crafted application to gain privileges.
61. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely via specially crafted application to gain privileges.
62. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges.
63. An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information.

Первичный источник обнаружения

• CVE-2020-1347
  CVE-2020-1346
  CVE-2020-1344
  CVE-2020-1267
  CVE-2020-1419
  CVE-2020-1418
  CVE-2020-1413
  CVE-2020-1412
  CVE-2020-1411
  CVE-2020-1410
  CVE-2020-1415
  CVE-2020-1414
  CVE-2020-1358
  CVE-2020-1359
  CVE-2020-1350
  CVE-2020-1351
  CVE-2020-1352
  CVE-2020-1353
  CVE-2020-1354
  CVE-2020-1355
  CVE-2020-1356
  CVE-2020-1357
  CVE-2020-1085
  CVE-2020-1404
  CVE-2020-1405
  CVE-2020-1406
  CVE-2020-1407
  CVE-2020-1400
  CVE-2020-1401
  CVE-2020-1402
  CVE-2020-1408
  CVE-2020-1409
  CVE-2020-1336
  CVE-2020-1333
  CVE-2020-1330
  CVE-2020-1463
  CVE-2020-1468
  CVE-2020-1382
  CVE-2020-1381
  CVE-2020-1387
  CVE-2020-1386
  CVE-2020-1385
  CVE-2020-1384
  CVE-2020-1389
  CVE-2020-1388
  CVE-2020-1398
  CVE-2020-1399
  CVE-2020-1394
  CVE-2020-1395
  CVE-2020-1396
  CVE-2020-1397
  CVE-2020-1390
  CVE-2020-1391
  CVE-2020-1392
  CVE-2020-1393
  CVE-2020-1040
  CVE-2020-1041
  CVE-2020-1042
  CVE-2020-1043
  CVE-2020-1032
  CVE-2020-1036
  CVE-2020-1361
  CVE-2020-1360
  CVE-2020-1363
  CVE-2020-1362
  CVE-2020-1365
  CVE-2020-1364
  CVE-2020-1367
  CVE-2020-1366
  CVE-2020-1369
  CVE-2020-1368
  CVE-2020-1438
  CVE-2020-1435
  CVE-2020-1434
  CVE-2020-1437
  CVE-2020-1436
  CVE-2020-1431
  CVE-2020-1430
  CVE-2020-1372
  CVE-2020-1373
  CVE-2020-1370
  CVE-2020-1371
  CVE-2020-1374
  CVE-2020-1375
  CVE-2020-1249
  CVE-2020-1428
  CVE-2020-1429
  CVE-2020-1426
  CVE-2020-1427
  CVE-2020-1424
  CVE-2020-1422
  CVE-2020-1423
  CVE-2020-1420
  CVE-2020-1421
  ADV200008
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2020-1393
  warning
• CVE-2020-1333
  warning
• CVE-2020-1384
  warning
• CVE-2020-1346
  warning
• CVE-2020-1389
  warning
• CVE-2020-1032
  critical
• CVE-2020-1036
  critical
• CVE-2020-1360
  warning
• CVE-2020-1267
  warning
• CVE-2020-1365
  warning
• CVE-2020-1354
  warning
• CVE-2020-1419
  warning
• CVE-2020-1438
  warning
• CVE-2020-1435
  critical
• CVE-2020-1412
  critical
• CVE-2020-1437
  warning
• CVE-2020-1436
  high
• CVE-2020-1430
  warning
• CVE-2020-1428
  warning
• CVE-2020-1396
  warning
• CVE-2020-1397
  warning
• CVE-2020-1390
  warning
• CVE-2020-1359
  warning
• CVE-2020-1371
  warning
• CVE-2020-1350
  critical
• CVE-2020-1351
  warning
• CVE-2020-1040
  critical
• CVE-2020-1041
  critical
• CVE-2020-1042
  critical
• CVE-2020-1043
  critical
• CVE-2020-1373
  warning
• CVE-2020-1410
  critical
• CVE-2020-1374
  high
• CVE-2020-1085
  warning
• CVE-2020-1407
  critical
• CVE-2020-1400
  critical
• CVE-2020-1401
  critical
• CVE-2020-1402
  high
• CVE-2020-1427
  warning
• CVE-2020-1468
  warning
• CVE-2020-1408
  critical
• CVE-2020-1409
  critical
• CVE-2020-1421
  critical
• CVE-2020-1347
  warning
• CVE-2020-1344
  warning
• CVE-2020-1418
  high
• CVE-2020-1413
  warning
• CVE-2020-1411
  high
• CVE-2020-1415
  warning
• CVE-2020-1414
  warning
• CVE-2020-1358
  warning
• CVE-2020-1352
  warning
• CVE-2020-1353
  warning
• CVE-2020-1355
  warning
• CVE-2020-1356
  warning
• CVE-2020-1357
  warning
• CVE-2020-1404
  warning
• CVE-2020-1405
  warning
• CVE-2020-1406
  high
• CVE-2020-1336
  warning
• CVE-2020-1330
  warning
• CVE-2020-1463
  warning
• CVE-2020-1382
  warning
• CVE-2020-1381
  warning
• CVE-2020-1387
  warning
• CVE-2020-1386
  warning
• CVE-2020-1385
  warning
• CVE-2020-1388
  warning
• CVE-2020-1398
  warning
• CVE-2020-1399
  warning
• CVE-2020-1394
  warning
• CVE-2020-1395
  warning
• CVE-2020-1391
  warning
• CVE-2020-1392
  warning
• CVE-2020-1361
  warning
• CVE-2020-1363
  warning
• CVE-2020-1362
  warning
• CVE-2020-1364
  warning
• CVE-2020-1367
  warning
• CVE-2020-1366
  warning
• CVE-2020-1369
  warning
• CVE-2020-1368
  warning
• CVE-2020-1434
  warning
• CVE-2020-1431
  warning
• CVE-2020-1372
  warning
• CVE-2020-1370
  warning
• CVE-2020-1375
  warning
• CVE-2020-1249
  warning
• CVE-2020-1429
  high
• CVE-2020-1426
  warning
• CVE-2020-1424
  high
• CVE-2020-1422
  warning
• CVE-2020-1423
  warning
• CVE-2020-1420
  warning

Список KB

• 4565541
• 4558998
• 4565489
• 4565483
• 4565508
• 4565511
• 4565513
• 4565537
• 4565503
• 4565540
• 4565554
• 4565553
• 4566425
• 4558997
• 4565911
• 4565912
• 4566785
• 4566426
• 4565535
• 4565552
• 4571692
• 4571694

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com