Symantec product detections for Microsoft monthly Security Bulletins - May 2020
Article ID: 190645
Updated On:
Products
Issue/Introduction
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017
Note: The field for BID is no longer populated or used by Microsoft, and no longer appears here as of May 2020
Resolution
|
ID and Rating |
CAN/CVE ID: CVE-2020-1023
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
1064Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1024
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1028
Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1037
Microsoft Rating: Critical |
|
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
ChakraCore Microsoft Edge (EdgeHTML-based) on Windows 10 Microsoft Edge (EdgeHTML-based) on Windows Server 2016 Microsoft Edge (EdgeHTML-based) on Windows Server 2019
|
|
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1056
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Edge Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909
|
|
Details |
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1062
Microsoft Rating: Critical |
|
Vulnerability Type |
Internet Explorer Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: Microsoft Internet Explorer CVE-2020-1062 |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1064
Microsoft Rating: Critical |
|
Vulnerability Type |
MSHTML Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1065
Microsoft Rating: Critical |
|
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
|
Vulnerability Affects |
ChakraCore Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2019
|
|
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1069
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1093
Microsoft Rating: Critical |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1102
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1103
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft SharePoint Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1117
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Color Management Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1126
Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1136
Microsoft Rating: Critical |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1153
Microsoft Rating: Critical |
|
Vulnerability Type |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1192
Microsoft Rating: Critical |
|
Vulnerability Type |
Visual Studio Code Python Extension Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Visual Studio Code
|
|
Details |
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0901
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Excel Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Office 365 ProPlus for 32-bit Systems Office 365 ProPlus for 64-bit Systems
|
|
Details |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0909
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Hyper-V Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for x64-based systems Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-0963
Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1010
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 4556813 (Security Update) Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1021
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1035
Microsoft Rating: Important |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1048
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1051
Microsoft Rating: Important |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1054
Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1055
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An un-authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1058
Microsoft Rating: Important |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: Microsoft Windows VBScript Engine CVE-2020-1058 |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1059
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Edge Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft Edge (EdgeHTML-based) on Windows 10 Microsoft Edge (EdgeHTML-based) on Windows Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1060
Microsoft Rating: Important |
|
Vulnerability Type |
VBScript Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: Microsoft VBScript Engine RCE CVE-2020-1060 |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1061
Microsoft Rating: Important |
|
Vulnerability Type |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1063
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
|
Vulnerability Affects |
Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) Microsoft Dynamics 365 Server, version 9.0 (on-premises) Microsoft Dynamics 365 (on-premises) version 9.0
|
|
Details |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1066
Microsoft Rating: Important |
|
Vulnerability Type |
.NET Framework Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1067
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1068
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1070
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1071
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Remote Access Common Dialog Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1072
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1075
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Subsystem for Linux Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1076
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1077
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1078
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Installer Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1079
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1081
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Printer Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1082
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1084
Microsoft Rating: Important |
|
Vulnerability Type |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1086
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1087
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1088
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1090
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1092
Microsoft Rating: Important |
|
Vulnerability Type |
Internet Explorer Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 on Windows Server 2008
|
|
Details |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1096
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Edge PDF Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Edge (EdgeHTML-based) on Windows 10 Microsoft Edge (EdgeHTML-based) on Windows Server 2019
|
|
Details |
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1099
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1100
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1101
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1104
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1105
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1106
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Office SharePoint XSS Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1107
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft SharePoint Spoofing Vulnerability |
|
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
|
|
Details |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1108
Microsoft Rating: Important |
|
Vulnerability Type |
.NET Core Denial of Service Vulnerability |
|
Vulnerability Affects |
.NET Core 3.0 .NET Core 3.1 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server Microsoft .NET Framework 3.5 on Windows 8.1 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server Microsoft .NET Framework 3.5.1 on Windows 7 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 Microsoft .NET Framework 4.5.2 on Windows 7 Microsoft .NET Framework 4.5.2 on Windows 8.1 Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Microsoft .NET Framework 4.5.2 on Windows Server 2008 Microsoft .NET Framework 4.5.2 on Windows Server 2012 Microsoft .NET Framework 4.6 on Windows Server 2008 Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows 10 Microsoft .NET Framework 4.8 on Windows 7 Microsoft .NET Framework 4.8 on Windows 8.1 Microsoft .NET Framework 4.8 on Windows RT 8.1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server
|
|
Details |
A denial of service vulnerability exists when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1109
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Update Stack Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1110
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Update Stack Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1111
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1112
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1113
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Task Scheduler Security Feature Bypass Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1114
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1116
Microsoft Rating: Important |
|
Vulnerability Type |
Windows CSRSS Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1118
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Windows Transport Layer Security Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1121
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1123
Microsoft Rating: Important |
|
Vulnerability Type |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could cause a system to stop responding.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1124
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1125
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1131
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1132
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1134
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1135
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: Exp.CVE-2020-1135 Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1137
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1138
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Storage Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1709 (Server Core Installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1139
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1140
Microsoft Rating: Important |
|
Vulnerability Type |
DirectX Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1141
Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1142
Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1143
Microsoft Rating: Important |
|
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: Under Review |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1144
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1145
Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1149
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1150
Microsoft Rating: Important |
|
Vulnerability Type |
Media Foundation Memory Corruption Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
|
|
Details |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1151
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1154
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1155
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1156
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1157
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1158
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: Under Review |
|
Other Detections |
AV: Under Review Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1161
Microsoft Rating: Important |
|
Vulnerability Type |
ASP.NET Core Denial of Service Vulnerability |
|
Vulnerability Affects |
ASP.NET Core 3.1
|
|
Details |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1164
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Runtime Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1165
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1166
Microsoft Rating: Important |
|
Vulnerability Type |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1171
Microsoft Rating: Important |
|
Vulnerability Type |
Visual Studio Code Python Extension Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Visual Studio Code
|
|
Details |
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1173
Microsoft Rating: Important |
|
Vulnerability Type |
Microsoft Power BI Report Server Spoofing Vulnerability |
|
Vulnerability Affects |
Power BI Report Server
|
|
Details |
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of attachments uploaded. An authenticated attacker could exploit the vulnerability by uploading a specially crafted payload and sending it to the user.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1179
Microsoft Rating: Important |
|
Vulnerability Type |
Windows GDI Information Disclosure Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 4556813 (Security Update) Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1184
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1185
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1186
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1187
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1188
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1189
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1190
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1191
Microsoft Rating: Important |
|
Vulnerability Type |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
Vulnerability Affects |
|
|
Details |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1174
Microsoft Rating: None |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1175
Microsoft Rating: None |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
|
ID and Rating |
CAN/CVE ID: CVE-2020-1176
Microsoft Rating: None |
|
Vulnerability Type |
Jet Database Engine Remote Code Execution Vulnerability |
|
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based Systems Microsoft Windows 10 Version 1903 for x64-based Systems Microsoft Windows 10 Version 1909 for 32-bit Systems Microsoft Windows 10 Version 1909 for ARM64-based Systems Microsoft Windows 10 Version 1909 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Service Pack 1 Microsoft Windows 7 for x64-based Systems Service Pack 1 Microsoft Windows 8.1 for 32-bit systems Microsoft Windows 8.1 for x64-based systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Windows Server 2012 Microsoft Windows Server 2012 (Server Core installation) Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 (Server Core installation) Microsoft Windows Server 2016 Microsoft Windows Server 2016 (Server Core installation) Microsoft Windows Server 2019 Microsoft Windows Server 2019 (Server Core installation) Microsoft Windows Server, version 1803 (Server Core Installation) Microsoft Windows Server, version 1903 (Server Core installation) Microsoft Windows Server, version 1909 (Server Core installation)
|
|
Details |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
|
|
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
|
Other Detections |
AV: N/A Skeptic: N/A |
Feedback
