ID CVE-2020-0740 Type cve Reporter cve@mitre.org Modified 2020-02-13T21:25:00
Description
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750.
{"mscve": [{"lastseen": "2020-08-07T11:45:30", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-0740"], "description": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\n\nThe security update addresses the vulnerability by ensuring the Connected Devices Platform Service properly handles objects in memory.\n", "edition": 2, "modified": "2020-02-11T08:00:00", "id": "MS:CVE-2020-0740", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740", "published": "2020-02-11T08:00:00", "title": "Connected Devices Platform Service Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-07-21T19:51:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4537789", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816560", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537789)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816560\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0659\",\n \"CVE-2020-0660\", \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\",\n \"CVE-2020-0667\", \"CVE-2020-0668\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\",\n \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0715\", \"CVE-2020-0716\",\n \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\", \"CVE-2020-0729\",\n \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0740\",\n \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\", \"CVE-2020-0744\",\n \"CVE-2020-0745\", \"CVE-2020-0747\", \"CVE-2020-0748\", \"CVE-2020-0749\",\n \"CVE-2020-0750\", \"CVE-2020-0752\", \"CVE-2020-0753\", \"CVE-2020-0754\",\n \"CVE-2020-0755\", \"CVE-2020-0756\", \"CVE-2020-0767\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537789)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537789\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error in Active Directory Forest trusts due to a default setting that lets an\n attacker in the trusting forest request delegation of a TGT for an identity from\n the trusted forest.\n\n - An error in the way that the Windows Search Indexer handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537789\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1684\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1684\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2018-8267", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4532691", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816561", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4532691)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816561\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-8267\", \"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\",\n \"CVE-2020-0659\", \"CVE-2020-0660\", \"CVE-2020-0661\", \"CVE-2020-0662\",\n \"CVE-2020-0663\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0669\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\",\n \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\",\n \"CVE-2020-0711\", \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0714\",\n \"CVE-2020-0715\", \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\",\n \"CVE-2020-0721\", \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\",\n \"CVE-2020-0725\", \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\",\n \"CVE-2020-0729\", \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\",\n \"CVE-2020-0735\", \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\",\n \"CVE-2020-0740\", \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0746\", \"CVE-2020-0747\",\n \"CVE-2020-0748\", \"CVE-2020-0749\", \"CVE-2020-0750\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0757\", \"CVE-2020-0767\", \"CVE-2020-0817\", \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4532691)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532691\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error when Microsoft Edge does not properly enforce cross-domain policies.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532691\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1038\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1038\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2018-8267", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4532693", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816562", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4532693)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816562\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-8267\", \"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\",\n \"CVE-2020-0659\", \"CVE-2020-0660\", \"CVE-2020-0661\", \"CVE-2020-0662\",\n \"CVE-2020-0663\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0669\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0706\",\n \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\", \"CVE-2020-0711\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0714\", \"CVE-2020-0715\",\n \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\", \"CVE-2020-0729\",\n \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0740\",\n \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\", \"CVE-2020-0744\",\n \"CVE-2020-0745\", \"CVE-2020-0746\", \"CVE-2020-0747\", \"CVE-2020-0748\",\n \"CVE-2020-0749\", \"CVE-2020-0750\", \"CVE-2020-0751\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0757\", \"CVE-2020-0767\", \"CVE-2020-0792\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4532693)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532693\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error when Microsoft Edge does not properly enforce cross-domain policies.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532693\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.656\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.656\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:54", "bulletinFamily": "info", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "### *Detect date*:\n02/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows RT 8.1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows Server 2019 \nWindows Server 2012 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0739](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0739>) \n[CVE-2020-0727](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0727>) \n[CVE-2020-0742](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0742>) \n[CVE-2020-0659](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0659>) \n[CVE-2020-0730](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0730>) \n[CVE-2020-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0703>) \n[CVE-2020-0701](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0701>) \n[CVE-2020-0728](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0728>) \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0729>) \n[CVE-2020-0704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0704>) \n[CVE-2020-0705](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0705>) \n[CVE-2020-0707](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0707>) \n[CVE-2020-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0722>) \n[CVE-2020-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0723>) \n[CVE-2020-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0720>) \n[CVE-2020-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0721>) \n[CVE-2020-0726](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0726>) \n[CVE-2020-0746](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0746>) \n[CVE-2020-0724](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0724>) \n[CVE-2020-0725](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0725>) \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0662>) \n[CVE-2020-0661](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0661>) \n[CVE-2020-0747](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0747>) \n[CVE-2020-0667](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0667>) \n[CVE-2020-0666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0666>) \n[CVE-2020-0665](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0665>) \n[CVE-2020-0740](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0740>) \n[CVE-2020-0669](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0669>) \n[CVE-2020-0668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0668>) \n[CVE-2020-0734](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0734>) \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0681>) \n[CVE-2020-0680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0680>) \n[CVE-2020-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0683>) \n[CVE-2020-0682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0682>) \n[CVE-2020-0685](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0685>) \n[CVE-2020-0672](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0672>) \n[CVE-2020-0686](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0686>) \n[CVE-2020-0689](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0689>) \n[CVE-2020-0743](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0743>) \n[CVE-2020-0708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0708>) \n[CVE-2020-0709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0709>) \n[CVE-2020-0657](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0657>) \n[CVE-2020-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0719>) \n[CVE-2020-0732](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0732>) \n[CVE-2020-0750](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0750>) \n[CVE-2020-0717](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0717>) \n[CVE-2020-0716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0716>) \n[CVE-2020-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0715>) \n[CVE-2020-0660](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0660>) \n[CVE-2020-0678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0678>) \n[CVE-2020-0679](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0679>) \n[CVE-2020-0731](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0731>) \n[CVE-2020-0675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0675>) \n[CVE-2020-0676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0676>) \n[CVE-2020-0677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0677>) \n[CVE-2020-0670](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0670>) \n[CVE-2020-0671](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0671>) \n[CVE-2020-0737](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0737>) \n[CVE-2020-0753](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0753>) \n[CVE-2020-0752](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0752>) \n[CVE-2020-0751](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0751>) \n[CVE-2020-0655](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0655>) \n[CVE-2020-0757](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0757>) \n[CVE-2020-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0756>) \n[CVE-2020-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0755>) \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0738>) \n[CVE-2020-0735](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0735>) \n[CVE-2020-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0754>) \n[CVE-2020-0792](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0792>) \n[CVE-2020-0658](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0658>) \n[CVE-2020-0744](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0744>) \n[CVE-2020-0691](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0691>) \n[CVE-2020-0741](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0741>) \n[CVE-2020-0748](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0748>) \n[CVE-2020-0698](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0698>) \n[CVE-2020-0745](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0745>) \n[CVE-2020-0714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0714>) \n[CVE-2020-0749](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0749>) \n[CVE-2020-0818](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0818>) \n[CVE-2020-0817](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0817>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-0739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0739>)0.0Unknown \n[CVE-2020-0727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0727>)0.0Unknown \n[CVE-2020-0742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0742>)0.0Unknown \n[CVE-2020-0659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0659>)0.0Unknown \n[CVE-2020-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0730>)0.0Unknown \n[CVE-2020-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0703>)0.0Unknown \n[CVE-2020-0701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0701>)0.0Unknown \n[CVE-2020-0728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0728>)0.0Unknown \n[CVE-2020-0729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0729>)0.0Unknown \n[CVE-2020-0704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0704>)0.0Unknown \n[CVE-2020-0705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0705>)0.0Unknown \n[CVE-2020-0707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0707>)0.0Unknown \n[CVE-2020-0722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0722>)0.0Unknown \n[CVE-2020-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0723>)0.0Unknown \n[CVE-2020-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0720>)0.0Unknown \n[CVE-2020-0721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0721>)0.0Unknown \n[CVE-2020-0726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0726>)0.0Unknown \n[CVE-2020-0746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0746>)0.0Unknown \n[CVE-2020-0724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0724>)0.0Unknown \n[CVE-2020-0725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0725>)0.0Unknown \n[CVE-2020-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0662>)0.0Unknown \n[CVE-2020-0661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0661>)0.0Unknown \n[CVE-2020-0747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0747>)0.0Unknown \n[CVE-2020-0667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0667>)0.0Unknown \n[CVE-2020-0666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0666>)0.0Unknown \n[CVE-2020-0665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0665>)0.0Unknown \n[CVE-2020-0740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0740>)0.0Unknown \n[CVE-2020-0669](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0669>)0.0Unknown \n[CVE-2020-0668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0668>)0.0Unknown \n[CVE-2020-0734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0734>)0.0Unknown \n[CVE-2020-0681](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0681>)0.0Unknown \n[CVE-2020-0680](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0680>)0.0Unknown \n[CVE-2020-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0683>)0.0Unknown \n[CVE-2020-0682](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0682>)0.0Unknown \n[CVE-2020-0685](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0685>)0.0Unknown \n[CVE-2020-0672](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0672>)0.0Unknown \n[CVE-2020-0686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0686>)0.0Unknown \n[CVE-2020-0689](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0689>)0.0Unknown \n[CVE-2020-0743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0743>)0.0Unknown \n[CVE-2020-0708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0708>)0.0Unknown \n[CVE-2020-0709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0709>)0.0Unknown \n[CVE-2020-0657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0657>)0.0Unknown \n[CVE-2020-0719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0719>)0.0Unknown \n[CVE-2020-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0732>)0.0Unknown \n[CVE-2020-0750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0750>)0.0Unknown \n[CVE-2020-0717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0717>)0.0Unknown \n[CVE-2020-0716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0716>)0.0Unknown \n[CVE-2020-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0715>)0.0Unknown \n[CVE-2020-0660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0660>)0.0Unknown \n[CVE-2020-0678](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0678>)0.0Unknown \n[CVE-2020-0679](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0679>)0.0Unknown \n[CVE-2020-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0731>)0.0Unknown \n[CVE-2020-0675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0675>)0.0Unknown \n[CVE-2020-0676](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0676>)0.0Unknown \n[CVE-2020-0677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0677>)0.0Unknown \n[CVE-2020-0670](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0670>)0.0Unknown \n[CVE-2020-0671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0671>)0.0Unknown \n[CVE-2020-0737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0737>)0.0Unknown \n[CVE-2020-0753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0753>)0.0Unknown \n[CVE-2020-0752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0752>)0.0Unknown \n[CVE-2020-0751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0751>)0.0Unknown \n[CVE-2020-0655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0655>)0.0Unknown \n[CVE-2020-0757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0757>)0.0Unknown \n[CVE-2020-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0756>)0.0Unknown \n[CVE-2020-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0755>)0.0Unknown \n[CVE-2020-0738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0738>)0.0Unknown \n[CVE-2020-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0735>)0.0Unknown \n[CVE-2020-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0754>)0.0Unknown \n[CVE-2020-0792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0792>)0.0Unknown \n[CVE-2020-0658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0658>)0.0Unknown \n[CVE-2020-0744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0744>)0.0Unknown \n[CVE-2020-0691](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0691>)0.0Unknown \n[CVE-2020-0741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0741>)0.0Unknown \n[CVE-2020-0748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0748>)0.0Unknown \n[CVE-2020-0698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0698>)0.0Unknown \n[CVE-2020-0745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0745>)0.0Unknown \n[CVE-2020-0714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0714>)0.0Unknown \n[CVE-2020-0749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0749>)0.0Unknown \n[CVE-2020-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0818>)0.0Unknown \n[CVE-2020-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0817>)0.0Unknown\n\n### *KB list*:\n[4537821](<http://support.microsoft.com/kb/4537821>) \n[4537776](<http://support.microsoft.com/kb/4537776>) \n[4537794](<http://support.microsoft.com/kb/4537794>) \n[4524244](<http://support.microsoft.com/kb/4524244>) \n[4532693](<http://support.microsoft.com/kb/4532693>) \n[4532691](<http://support.microsoft.com/kb/4532691>) \n[4502496](<http://support.microsoft.com/kb/4502496>) \n[4537762](<http://support.microsoft.com/kb/4537762>) \n[4537764](<http://support.microsoft.com/kb/4537764>) \n[4537789](<http://support.microsoft.com/kb/4537789>) \n[4537803](<http://support.microsoft.com/kb/4537803>) \n[4537814](<http://support.microsoft.com/kb/4537814>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2020-02-11T00:00:00", "id": "KLA11662", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11662", "title": "\r KLA11662Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4537762.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537762: Windows 10 Version 1803 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537762.NASL", "href": "https://www.tenable.com/plugins/nessus/133610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133610);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\", \n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537762\");\n script_xref(name:\"MSFT\", value:\"MS20-4537762\");\n\n script_name(english:\"KB4537762: Windows 10 Version 1803 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537762.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537762/windows-10-update-kb4537762\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4855af5f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537762.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537762');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537762])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:44", "description": "The remote Windows host is missing security update 4537789.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716, CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537789: Windows 10 Version 1709 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537789.NASL", "href": "https://www.tenable.com/plugins/nessus/133613", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133613);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\", \n \"CVE-2020-0715\",\n \"CVE-2020-0716\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537789\");\n script_xref(name:\"MSFT\", value:\"MS20-4537789\");\n\n script_name(english:\"KB4537789: Windows 10 Version 1709 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537789.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716, CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537789/windows-10-update-kb4537789\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0982790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537789.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537789');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537789])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4532691.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0817)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4532691: Windows 10 Version 1809 and Windows Server 2019 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4532691.NASL", "href": "https://www.tenable.com/plugins/nessus/133608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133608);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0757\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4532691\");\n script_xref(name:\"MSFT\", value:\"MS20-4532691\");\n\n script_name(english:\"KB4532691: Windows 10 Version 1809 and Windows Server 2019 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4532691.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0817)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4532691/windows-10-update-kb4532691\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddd07632\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4532691.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4532691');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532691])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4532693.NASL", "href": "https://www.tenable.com/plugins/nessus/133609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133609);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0751\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0757\",\n \"CVE-2020-0767\",\n \"CVE-2020-0792\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4532693\");\n script_xref(name:\"MSFT\", value:\"MS20-4532693\");\n\n script_name(english:\"KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebd73de2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4532693.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4532693');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2020-02-14T09:31:47", "bulletinFamily": "blog", "cvelist": ["CVE-2020-00695", "CVE-2020-0618", "CVE-2020-0655", "CVE-2020-0657", "CVE-2020-0658", "CVE-2020-0659", "CVE-2020-0660", "CVE-2020-0661", "CVE-2020-0662", "CVE-2020-0663", "CVE-2020-0665", "CVE-2020-0666", "CVE-2020-0667", "CVE-2020-0668", "CVE-2020-0669", "CVE-2020-0670", "CVE-2020-0671", "CVE-2020-0672", "CVE-2020-0673", "CVE-2020-0674", "CVE-2020-0675", "CVE-2020-0676", "CVE-2020-0677", "CVE-2020-0678", "CVE-2020-0679", "CVE-2020-0680", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0683", "CVE-2020-0685", "CVE-2020-0686", "CVE-2020-0688", "CVE-2020-0689", "CVE-2020-0691", "CVE-2020-0692", "CVE-2020-0693", "CVE-2020-0694", "CVE-2020-0695", "CVE-2020-0696", "CVE-2020-0697", "CVE-2020-0698", "CVE-2020-0701", "CVE-2020-0702", "CVE-2020-0703", "CVE-2020-0704", "CVE-2020-0705", "CVE-2020-0706", "CVE-2020-0707", "CVE-2020-0708", "CVE-2020-0709", "CVE-2020-0710", "CVE-2020-0711", "CVE-2020-0712", "CVE-2020-0713", "CVE-2020-0714", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0719", "CVE-2020-0720", "CVE-2020-0721", "CVE-2020-0722", "CVE-2020-0723", "CVE-2020-0724", "CVE-2020-0725", "CVE-2020-0726", "CVE-2020-0727", "CVE-2020-0728", "CVE-2020-0729", "CVE-2020-0730", "CVE-2020-0731", "CVE-2020-0732", "CVE-2020-0733", "CVE-2020-0734", "CVE-2020-0735", "CVE-2020-0736", "CVE-2020-0737", "CVE-2020-0738", "CVE-2020-0739", "CVE-2020-0740", "CVE-2020-0741", "CVE-2020-0742", "CVE-2020-0743", "CVE-2020-0744", "CVE-2020-0745", "CVE-2020-0746", "CVE-2020-0747", "CVE-2020-0748", "CVE-2020-0749", "CVE-2020-0750", "CVE-2020-0751", "CVE-2020-0752", "CVE-2020-0753", "CVE-2020-0754", "CVE-2020-0755", "CVE-2020-0756", "CVE-2020-0759", "CVE-2020-0766", "CVE-2020-0767"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's [Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb>) covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity. \n \nThis month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player. \n \nTalos released a new set of SNORT\u24c7 rules today that provide coverage for some of these vulnerabilities, which you can see [here](<https://snort.org/advisories/talos-rules-2020-02-11>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 12 critical vulnerabilities this month, all of which we will highlight below. \n \n[CVE-2020-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673>), [CVE-2020-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674>), [CVE-2020-0710](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710>), [CVE-2020-0711](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711>), [CVE-2020-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712>), [CVE-2020-0713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713>) and [CVE-2020-0767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767>) are all memory corruption vulnerabilities in the Microsoft scripting engine that deals with how Internet Explorer handles objects in memory. An attacker could use these vulnerabilities to corrupt memory on the victim machine in a way that would allow them to execute arbitrary code. A user could trigger this bug by visiting an attacker-controlled web page on Internet Explorer that's been specially crafted to exploit this vulnerability. Alternatively, an attacker could embed an ActiveX control marked \"safe for initialization\" in another application or Microsoft Office document that utilizes the Internet Explorer rendering engine and convince the victim to open that file. \n \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681>) and [CVE-2020-0734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734>) are remote code execution vulnerabilities in Remote Desktop Protocol when the user connects to a malicious server. An attacker can exploit these vulnerabilities by hosting a server, and convincing a user to connect to it, likely via social engineering or a man-in-the-middle technique. \n \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662>) is a remote code execution vulnerability in Windows 10 and some versions of Windows Server that exists in the way the software handles objects in memory. If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with elevated permissions on the victim machine. The attacker would need a domain user account, and then create a specially crafted request. \n \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729>) is a remote code execution vulnerability in Windows that could allow an attacker to remotely execute code if Windows processes a specially crafted .LNK file. An adversary could exploit this vulnerability by sending the user a removable drive or remote share containing a malicious .LNK file and an associated malicious binary. If the user opens the file in Windows Explorer or another application that parses .LNK files, the binary will execute code of the attacker's choice. \n \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738>) is a memory corruption vulnerability in Windows Media Foundation that exists in the way the software handles objects in memory. An attacker could exploit this bug by convincing the user to open a specially crafted, malicious file or web page, which would corrupt memory in a way the attacker could then install programs, manipulate user data or create new user accounts on the victim machine. \n\n\n### Important vulnerabilities\n\nThis release also contains 84 important vulnerabilities: \n \n\n\n * [CVE-2020-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618>)\n * [CVE-2020-0655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655>)\n * [CVE-2020-0657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0657>)\n * [CVE-2020-0658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0658>)\n * [CVE-2020-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0659>)\n * [CVE-2020-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0660>)\n * [CVE-2020-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661>)\n * [CVE-2020-0663](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0663>)\n * [CVE-2020-0665](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665>)\n * [CVE-2020-0666](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666>)\n * [CVE-2020-0667](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0667>)\n * [CVE-2020-0668](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668>)\n * [CVE-2020-0669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0669>)\n * [CVE-2020-0670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0670>)\n * [CVE-2020-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0671>)\n * [CVE-2020-0672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0672>)\n * [CVE-2020-0675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675>)\n * [CVE-2020-0676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676>)\n * [CVE-2020-0677](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0677>)\n * [CVE-2020-0678](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0678>)\n * [CVE-2020-0679](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0679>)\n * [CVE-2020-0680](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0680>)\n * [CVE-2020-0682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0682>)\n * [CVE-2020-0683](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683>)\n * [CVE-2020-0685](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0685>)\n * [CVE-2020-0686](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0686>)\n * [CVE-2020-0688](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688>)\n * [CVE-2020-0689](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0689>)\n * [CVE-2020-0691](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0691>)\n * [CVE-2020-0692](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692>)\n * [CVE-2020-0694](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0694>)\n * [CVE-2020-0695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-00695>)\n * [CVE-2020-0696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696>)\n * [CVE-2020-0697](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697>)\n * [CVE-2020-0698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0698>)\n * [CVE-2020-0701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0701>)\n * [CVE-2020-0703](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0703>)\n * [CVE-2020-0704](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0704>)\n * [CVE-2020-0705](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0705>)\n * [CVE-2020-0706](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0706>)\n * [CVE-2020-0707](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0707>)\n * [CVE-2020-0708](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0708>)\n * [CVE-2020-0709](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0709>)\n * [CVE-2020-0714](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0714>)\n * [CVE-2020-0715](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0715>)\n * [CVE-2020-0716](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0716>)\n * [CVE-2020-0717](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0717>)\n * [CVE-2020-0719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0719>)\n * [CVE-2020-0720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0720>)\n * [CVE-2020-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0721>)\n * [CVE-2020-0722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0722>)\n * [CVE-2020-0723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0723>)\n * [CVE-2020-0724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0724>)\n * [CVE-2020-0725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0725>)\n * [CVE-2020-0726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0726>)\n * [CVE-2020-0727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0727>)\n * [CVE-2020-0728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728>)\n * [CVE-2020-0730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0730>)\n * [CVE-2020-0731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0731>)\n * [CVE-2020-0732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0732>)\n * [CVE-2020-0733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733>)\n * [CVE-2020-0735](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0735>)\n * [CVE-2020-0736](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0736>)\n * [CVE-2020-0737](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0737>)\n * [CVE-2020-0739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0739>)\n * [CVE-2020-0740](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740>)\n * [CVE-2020-0741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0741>)\n * [CVE-2020-0742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0742>)\n * [CVE-2020-0743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0743>)\n * [CVE-2020-0744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744>)\n * [CVE-2020-0745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0745>)\n * [CVE-2020-0746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0746>)\n * [CVE-2020-0747](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0747>)\n * [CVE-2020-0748](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0748>)\n * [CVE-2020-0749](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0749>)\n * [CVE-2020-0750](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0750>)\n * [CVE-2020-0751](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751>)\n * [CVE-2020-0752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0752>)\n * [CVE-2020-0753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0753>)\n * [CVE-2020-0754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0754>)\n * [CVE-2020-0755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0755>)\n * [CVE-2020-0756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0756>)\n * [CVE-2020-0759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0759>)\n * [CVE-2020-0766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766>)\n * [CVE-2020-0693](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693>) \n * [CVE-2020-0702](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 48701, 48702, 53050 - 53056, 53061, 53072, 53073, 53079 - 53089\n\n", "modified": "2020-02-13T08:22:46", "published": "2020-02-13T08:22:46", "id": "TALOSBLOG:EA0E0FACD93EAC05E55A6C64CC82F3F6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/CHB5rchyPEo/microsoft-patch-tuesday-feb-2020.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Feb. 2020: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
