Symantec product detections for Microsoft monthly Security Bulletins - April 2020
Article ID: 188688
Updated On:
Products
Issue/Introduction
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017
Resolution
|
ID and Rating |
CAN/CVE ID: CVE-2020-0687 BID: 112514 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Graphics Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0907 BID: 112512 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0910 BID: 112498 Microsoft Rating: Critical |
|
Vulnerability Type |
Windows Hyper-V Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows Server 2019 Microsoft Hyper-V Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0929 BID: 112558 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0931 BID: 112564 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0932 BID: 112565 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0938 BID: 112586 Microsoft Rating: Critical |
|
Vulnerability Type |
OpenType Font Parsing Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903
|
|
Details |
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Exp.CVE-2020-0938 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0948 BID: 112493 Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0949 BID: 112495 Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0950 BID: 112497 Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0965 BID: 112582 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2012
|
|
Details |
A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0967 BID: 112590 Microsoft Rating: Critical |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0968 BID: 112587 Microsoft Rating: Critical |
|
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11
|
|
Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2020-0968 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0969 BID: 112504 Microsoft Rating: Critical |
|
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft ChakraCore Microsoft Edge
|
|
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0970 BID: 112588 Microsoft Rating: Critical |
|
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft ChakraCore Microsoft Edge
|
|
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0974 BID: 112568 Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1020 BID: 112614 Microsoft Rating: Critical |
|
Vulnerability Type |
Adobe Font Manager Library Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903
|
|
Details |
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2020-1020 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1022 BID: 112516 Microsoft Rating: Critical |
|
Vulnerability Type |
Dynamics Business Central Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) Microsoft Dynamics 365 Business Central 2019 Spring Update
|
|
Details |
An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0699 BID: 112521 Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0760 BID: 112494 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Access 2010 SP2 (32-bit editions) Microsoft Access 2010 SP2 (64-bit editions) Microsoft Access 2013 Service Pack 1 (32-bit editions) Microsoft Access 2013 Service Pack 1 (64-bit editions) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft PowerPoint 2013 RT Service Pack 1 Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Project 2010 Service Pack 2 (32-bit editions) Microsoft Project 2010 Service Pack 2 (64-bit editions) Microsoft Project 2013 Service Pack 1 (32-bit editions) Microsoft Project 2013 Service Pack 1 (64-bit editions) Microsoft Project 2016 (32-bit edition) Microsoft Project 2016 (64-bit edition) Microsoft Publisher 2010 Service Pack 2 (32-bit editions) Microsoft Publisher 2010 Service Pack 2 (64-bit editions) Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Microsoft Visio 2010 Service Pack 2 (32-bit editions) Microsoft Visio 2010 Service Pack 2 (64-bit editions) Microsoft Visio 2013 Service Pack 1 (32-bit editions) Microsoft Visio 2013 Service Pack 1 (64-bit editions) Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0784 BID: 112513 Microsoft Rating: Important |
|
Vulnerability Type |
DirectX Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows Server 1803 Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909 Microsoft Windows Server 2016 Microsoft Windows Server 2019
|
|
Details |
A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0794 BID: 112543 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0821 BID: 112556 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0835 BID: 112198 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Forefront Endpoint Protection 2010 Microsoft Security Essentials Microsoft System Center 2012 Endpoint Protection Microsoft System Center 2012 R2 Endpoint Protection Microsoft System Center Endpoint Protection Microsoft Windows Defender
|
|
Details |
A privilege escalation vulnerability exists when Windows Defender antimalware platform improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0888 BID: 112515 Microsoft Rating: Important |
|
Vulnerability Type |
DirectX Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows Server 1803 Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909 Microsoft Windows Server 2019
|
|
Details |
A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0889 BID: 112594 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0895 BID: 112591 Microsoft Rating: Important |
|
Vulnerability Type |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0899 BID: 112562 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Visual Studio Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Visual Studio 2017 15.9 Microsoft Visual Studio 2019 16.0 Microsoft Visual Studio 2019 16.4 Microsoft Visual Studio 2019 16.5
|
|
Details |
A privilege escalation vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0900 BID: 112613 Microsoft Rating: Important |
|
Vulnerability Type |
Visual Studio Extension Installer Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Visual Studio 2019 16.0 Microsoft Visual Studio 2019 16.1 Microsoft Visual Studio 2019 16.2 Microsoft Visual Studio 2019 16.3 Microsoft Visual Studio 2019 16.4 Microsoft Visual Studio 2017
|
|
Details |
A privilege escalation vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0906 BID: 112488 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Excel Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions)
|
|
Details |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0913 BID: 112544 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0917 BID: 112631 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0918 BID: 112634 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0919 BID: 112548 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Remote Desktop App for Mac
|
|
Details |
A privilege escalation vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries. An attacker could then install programs; view, change, or delete data with the logged in user's privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0920 BID: 112547 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0923 BID: 112499 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0924 BID: 112523 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0925 BID: 112525 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0926 BID: 112529 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0927 BID: 112533 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0930 BID: 112538 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0933 BID: 112541 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0934 BID: 112527 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0935 BID: 112609 Microsoft Rating: Important |
|
Vulnerability Type |
OneDrive for Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft OneDrive
|
|
Details |
A privilege escalation vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0936 BID: 112612 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Scheduled Task Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows 2012 R2 Microsoft Windows Server 2012
|
|
Details |
A privilege escalation vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0937 BID: 112617 Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0939 BID: 112619 Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0940 BID: 112604 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push N/Atification Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0942 BID: 112505 Microsoft Rating: Important |
|
Vulnerability Type |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems
|
|
Details |
A privilege escalation vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0943 BID: 112584 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft YourPhone Application for Android Authentication Bypass Vulnerability |
|
Vulnerability Affects |
Microsoft Your Phone Companion App for Android
|
|
Details |
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. This could allow an unauthenticated attacker to view notifications.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0944 BID: 112506 Microsoft Rating: Important |
|
Vulnerability Type |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems
|
|
Details |
A privilege escalation vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0945 BID: 112620 Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2
|
|
Details |
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0946 BID: 112623 Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2
|
|
Details |
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0947 BID: 112626 Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0952 BID: 112536 Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0953 BID: 112595 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0955 BID: 112555 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure in CPU Memory Access |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0956 BID: 112518 Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0957 BID: 112519 Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1
|
|
Details |
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0958 BID: 112520 Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0959 BID: 112596 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0960 BID: 112597 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0961 BID: 112492 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0962 BID: 112524 Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0964 BID: 112501 Microsoft Rating: Important |
|
Vulnerability Type |
GDI+ Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0966 BID: 112589 Microsoft Rating: Important |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0971 BID: 112566 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0972 BID: 112576 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0973 BID: 112622 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0975 BID: 112578 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0976 BID: 112578 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0977 BID: 112580 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0978 BID: 112546 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0979 BID: 112491 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Excel Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0980 BID: 112581 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Word Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Online Server Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Details |
Microsoft Office Online Server Microsoft SharePoint Server 2019 Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0981 BID: 112611 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Token Security Feature Bypass Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A security bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0982 BID: 112502 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0983 BID: 112627 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0984 BID: 112522 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft (MAU) Office Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Auto Update
|
|
Details |
A privilege escalation vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0985 BID: 112592 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Update Stack Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems
|
|
Details |
A privilege escalation vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0987 BID: 112510 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0988 BID: 112598 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0992 BID: 112599 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0993 BID: 112629 Microsoft Rating: Important |
|
Vulnerability Type |
Windows DNS Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0994 BID: 112600 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0995 BID: 112601 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0996 BID: 112593 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Update Stack Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems
|
|
Details |
A privilege escalation vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0999 BID: 112602 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1000 BID: 112551 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1001 BID: 112605 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1002 BID: 112540 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Defender Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows Defender Microsoft Endpoint Protection Microsoft Forefront Endpoint Protection 2010 Microsoft Security Essentials Microsoft System Center 2012 Endpoint Protection Microsoft System Center 2012 R2 Endpoint Protection Microsoft Microsoft System Center Configuration Microsoft Windows Intune Endpoint Protection
|
|
Details |
A privilege escalation vulnerability exists when the MpSigStub. exe for Defender allows file deletion in arbitrary locations.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1003 BID: 112553 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1004 BID: 112539 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1005 BID: 112511 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1006 BID: 112606 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1007 BID: 112557 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1008 BID: 112603 Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1909
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1009 BID: 112528 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1011 BID: 112530 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1014 BID: 112583 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Update Client Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for x64-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems
|
|
Details |
A privilege escalation vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1015 BID: 112531 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1016 BID: 112608 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push Notification Service Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 1903 Microsoft Windows Server 1909 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803
|
|
Details |
An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1017 BID: 112607 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1018 BID: 112545 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Dynamics Business Central/NAV Information Disclosure |
|
Vulnerability Affects |
Microsoft Dynamics 365 Business Central 2019 Microsoft Dynamics NAV 2013 Microsoft Dynamics NAV 2013 Microsoft Dynamics NAV 2015 Microsoft Dynamics NAV 2016 Microsoft Dynamics NAV 2017 Microsoft Dynamics NAV 2018
|
|
Details |
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that are in a masked field.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1019 BID: 112561 Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft RMS Sharing for Mac
|
|
Details |
A privilege escalation vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries. An attacker could then install programs; view, change, or delete data with the logged in user's privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1026 BID: 112585 Microsoft Rating: Important |
|
Vulnerability Type |
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability |
|
Vulnerability Affects |
Microsoft MSR JavaScript Cryptography Library 1.4
|
|
Details |
A security bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library's Elliptic Curve Cryptography (ECC) implementation. An attacker could potentially abuse these bugs to learn information about a server's private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1027 BID: 112554 Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2020-1027 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1029 BID: 112642 Microsoft Rating: Important |
|
Vulnerability Type |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 1909
|
|
Details |
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1049 BID: TBD Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
|
Vulnerability Affects |
Microsoft Dynamics 365 Server, version 9.0 (on-premises)
|
|
Details |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1050 BID: TBD Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
|
Vulnerability Affects |
Microsoft Dynamics 365 Server, version 9.0 (on-premises)
|
|
Details |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1094 BID: TBD Microsoft Rating: Important |
|
Vulnerability Type |
Windows Work Folder Service Elevation of Privilege Vulnerability
|
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 4550929 (Security Update) Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 4549949 (Security Update) Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0954 BID: 112542 Microsoft Rating: Moderate |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0991 BID: 112526 Microsoft Rating: None |
|
Vulnerability Type |
Microsoft Office Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 RT Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions
|
|
Details |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
Feedback
