Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Remote Access can be exploited remotely to gain privileges.
2. An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
3. An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely to gain privileges.
4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
5. An information disclosure vulnerability in Windows KernelStream can be exploited remotely to obtain sensitive information.
6. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
7. A denial of service vulnerability in Windows Network File System can be exploited remotely to cause denial of service.
8. A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
9. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
10. An information disclosure vulnerability in Remote Desktop Protocol Server can be exploited remotely to obtain sensitive information.
11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
12. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in Windows Port Class Library can be exploited remotely to gain privileges.
14. An information disclosure vulnerability in Windows Canonical Display Driver can be exploited remotely to obtain sensitive information.
15. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
16. A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
17. An information disclosure vulnerability in Windows Function Discovery SSDP Provider can be exploited remotely to obtain sensitive information.
18. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
19. A security feature bypass vulnerability in Kerberos KDC can be exploited remotely to bypass security restrictions.
20. An elevation of privilege vulnerability in Windows Client Side Rendering Print Provider can be exploited remotely to gain privileges.
21. An information disclosure vulnerability in Windows Network File System can be exploited remotely to obtain sensitive information.
22. A security feature bypass vulnerability in Windows Hyper-V can be exploited remotely to bypass security restrictions.
23. An elevation of privilege vulnerability in Windows Print Configuration can be exploited remotely to gain privileges.

Первичный источник обнаружения

• CVE-2020-17043
  CVE-2020-17069
  CVE-2020-17087
  CVE-2020-17088
  CVE-2020-17045
  CVE-2020-17051
  CVE-2020-17047
  CVE-2020-17042
  CVE-2020-1599
  CVE-2020-17044
  CVE-2020-16997
  CVE-2020-17014
  CVE-2020-17038
  CVE-2020-17011
  CVE-2020-17029
  CVE-2020-17000
  CVE-2020-17001
  CVE-2020-17068
  CVE-2020-17036
  CVE-2020-17004
  CVE-2020-17049
  CVE-2020-17034
  CVE-2020-17026
  CVE-2020-17027
  CVE-2020-17055
  CVE-2020-17024
  CVE-2020-17032
  CVE-2020-17056
  CVE-2020-17025
  CVE-2020-17033
  CVE-2020-17040
  CVE-2020-17028
  CVE-2020-17041
  CVE-2020-17031
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2020-17043
  high
• CVE-2020-17069
  high
• CVE-2020-17087
  high
• CVE-2020-17088
  high
• CVE-2020-17045
  high
• CVE-2020-17051
  critical
• CVE-2020-17047
  high
• CVE-2020-17042
  high
• CVE-2020-1599
  high
• CVE-2020-17044
  high
• CVE-2020-16997
  high
• CVE-2020-17014
  high
• CVE-2020-17038
  high
• CVE-2020-17011
  high
• CVE-2020-17029
  high
• CVE-2020-17000
  high
• CVE-2020-17001
  high
• CVE-2020-17068
  high
• CVE-2020-17036
  high
• CVE-2020-17004
  high
• CVE-2020-17049
  high
• CVE-2020-17040
  high
• CVE-2020-17041
  high
• CVE-2020-17026
  high
• CVE-2020-17028
  high
• CVE-2020-17024
  high
• CVE-2020-17025
  high
• CVE-2020-17034
  high
• CVE-2020-17033
  high
• CVE-2020-17027
  high
• CVE-2020-17056
  high
• CVE-2020-17055
  high
• CVE-2020-17031
  high
• CVE-2020-17032
  high

Список KB

• 4586827
• 4586834
• 4586845
• 4586817
• 4586805
• 4586807
• 4586808
• 4586823
• 4598278
• 4598297
• 5004302
• 5004294
• 5004298
• 5004285
• 5004289
• 5004307
• 5004299
• 5004305

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com