Kaspersky ID:
KLA12003
Дата обнаружения:
10/11/2020
Обновлено:
25/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Remote Access can be exploited remotely to gain privileges.
  2. An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
  3. An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  5. An information disclosure vulnerability in Windows KernelStream can be exploited remotely to obtain sensitive information.
  6. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
  7. A denial of service vulnerability in Windows Network File System can be exploited remotely to cause denial of service.
  8. A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
  9. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
  10. An information disclosure vulnerability in Remote Desktop Protocol Server can be exploited remotely to obtain sensitive information.
  11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  13. An elevation of privilege vulnerability in Windows Port Class Library can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Canonical Display Driver can be exploited remotely to obtain sensitive information.
  15. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
  16. A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
  17. An information disclosure vulnerability in Windows Function Discovery SSDP Provider can be exploited remotely to obtain sensitive information.
  18. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  19. A security feature bypass vulnerability in Kerberos KDC can be exploited remotely to bypass security restrictions.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2020-17043
    critical
  • CVE-2020-17069
    high
  • CVE-2020-17087
    critical
  • CVE-2020-17088
    critical
  • CVE-2020-17045
    high
  • CVE-2020-17051
    critical
  • CVE-2020-17047
    critical
  • CVE-2020-17042
    critical
  • CVE-2020-1599
    high
  • CVE-2020-17044
    critical
  • CVE-2020-16997
    critical
  • CVE-2020-17014
    critical
  • CVE-2020-17038
    critical
  • CVE-2020-17011
    critical
  • CVE-2020-17029
    high
  • CVE-2020-17000
    high
  • CVE-2020-17001
    critical
  • CVE-2020-17068
    critical
  • CVE-2020-17036
    high
  • CVE-2020-17004
    high
  • CVE-2020-17049
    high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Узнай больше об угрозах и векторах атаки на Энциклопедии Kaspersky
Бесплатно
Читать
Kaspersky Premium
Комплексное решение для защиты вашей цифровой жизни
Премиум
Скачать
Confirm changes?
Your message has been sent successfully.