Cumulative Security Updates for Microsoft Windows

LNK Remote Code Execution Vulnerability (CVE-2020-0729) MS Rating: Critical

 

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a . LNK file is processed.

 

Windows Remote Code Execution Vulnerability (CVE-2020-0662) MS Rating: Critical

 

A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.

 

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0681) MS Rating: Critical

 

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

 

Media Foundation Memory Corruption Vulnerability (CVE-2020-0738) MS Rating: Critical

 

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

 

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0734) MS Rating: Critical

 

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

 

Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2020-0657) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2020-0658) MS Rating: Important

 

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

 

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2020-0655) MS Rating: Important

 

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system.

 

Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2020-0659) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2020-0660) MS Rating: Important

 

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.

 

Active Directory Privilege Escalation Vulnerability (CVE-2020-0665) MS Rating: Important

 

A privilege escalation vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Active Directory forest.

 

Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0666) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0667) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0675) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0676) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0677) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Windows Error Reporting Manager Privilege Escalation Vulnerability (CVE-2020-0678) MS Rating: Important

 

A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

 

Windows Function Discovery Service Privilege Escalation Vulnerability (CVE-2020-0679) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Function Discovery Service Privilege Escalation Vulnerability (CVE-2020-0680) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Function Discovery Service Privilege Escalation Vulnerability (CVE-2020-0682) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0683) MS Rating: Important

 

A privilege escalation vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

 

Windows COM Server Privilege Escalation Vulnerability (CVE-2020-0685) MS Rating: Important

 

A privilege escalation vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

 

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0686) MS Rating: Important

 

A privilege escalation vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

 

Microsoft Secure Boot Security Bypass Vulnerability (CVE-2020-0689) MS Rating: Important

 

A security bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability can bypass secure boot and load untrusted software.

 

Windows Information Disclosure Vulnerability (CVE-2020-0698) MS Rating: Important

 

An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.

 

Windows Client License Service Privilege Escalation Vulnerability (CVE-2020-0701) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Surface Hub Security Bypass Vulnerability (CVE-2020-0702) MS Rating: Important

 

A security bypass vulnerability exists in Surface Hub when prompting for credentials. Successful exploitation of the vulnerability could allow an attacker to access settings which are restricted to Administrators.

 

Windows Backup Service Privilege Escalation Vulnerability (CVE-2020-0703) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

 

Windows Wireless Network Manager Privilege Escalation Vulnerability (CVE-2020-0704) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Wireless Network Manager improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

 

Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability (CVE-2020-0705) MS Rating: Important

 

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

 

Windows IME Privilege Escalation Vulnerability (CVE-2020-0707) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows IME improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

 

Windows Imaging Library Remote Code Execution Vulnerability (CVE-2020-0708) MS Rating: Important

 

A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory. To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.

 

DirectX Privilege Escalation Vulnerability (CVE-2020-0709) MS Rating: Important

 

A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

DirectX Information Disclosure Vulnerability (CVE-2020-0714) MS Rating: Important

 

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

 

Windows Diagnostics Tracking Service Privilege Escalation Vulnerability (CVE-2020-0727) MS Rating: Important

 

A privilege escalation vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.

 

Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728) MS Rating: Important

 

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.

 

Windows User Profile Service Privilege Escalation Vulnerability (CVE-2020-0730) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.

 

DirectX Privilege Escalation Vulnerability (CVE-2020-0732) MS Rating: Important

 

A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Windows Malicious Software Removal Tool Privilege Escalation Vulnerability (CVE-2020-0733) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

 

Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0735) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0737) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the tapisrv. dll handles objects in memory.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0739) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the dssvc. dll handles file creation allowing for a file overwrite or creation in a secured location.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0740) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0741) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0742) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Privilege Escalation Vulnerability (CVE-2020-0743) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2020-0747) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0748) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Connected Devices Platform Service Elevation of Privilege Vulnerability (CVE-2020-0749) MS Rating: Important

 

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Connected Devices Platform Service Elevation of Privilege Vulnerability (CVE-2020-0750) MS Rating: Important

 

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0752) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Error Reporting Privilege Escalation Vulnerability (CVE-2020-0753) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow Privilege Escalation if an attacker can successfully exploit it.

 

Windows Error Reporting Privilege Escalation Vulnerability (CVE-2020-0754) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow Privilege Escalation if an attacker can successfully exploit it.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0755) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Windows Key Isolation Service Information Disclosure Vulnerability (CVE-2020-0756) MS Rating: Important

 

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Windows SSH Elevation of Privilege Vulnerability (CVE-2020-0757) MS Rating: Important

 

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

 

Cumulative Security Updates for Microsoft Windows Kernel

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0668) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0669) MS Rating: Important

 

A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

 

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0670) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0671) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0672) MS Rating: Important

 

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0691) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Information Disclosure Vulnerability (CVE-2020-0716) MS Rating: Important

 

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

 

Win32k Information Disclosure Vulnerability (CVE-2020-0717) MS Rating: Important

 

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0719) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0720) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0721) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0722) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0723) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0724) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0725) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0726) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Win32k Privilege Escalation Vulnerability (CVE-2020-0731) MS Rating: Important

 

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Windows Kernel Information Disclosure Vulnerability (CVE-2020-0736) MS Rating: Important

 

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

 



Source link

Write a comment:
*

Your email address will not be published.