A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
{"mscve": [{"lastseen": "2023-06-14T15:27:23", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.\n\nAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.\n\nThe security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-13T07:00:00", "type": "mscve", "title": "Windows Hyper-V Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16891"], "modified": "2020-10-13T07:00:00", "id": "MS:CVE-2020-16891", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16891", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": 
"2022-05-09T12:38:49", "description": "[](<https://thehackernews.com/images/-P25Aj2pIdU8/X4bOLR8F4AI/AAAAAAAAA4I/ssjGOq33ezggOeKe6QlubDqh6ObkWDpvgCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its [October 2020 Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct>), including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook.\n\nThe flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and Office Services and Web Apps, Visual Studio, Azure Functions, .NET Framework, Microsoft Dynamics, Open Source Software, Exchange Server, and the Windows Codecs Library.\n\nAlthough none of these flaws are listed as being under active attack, six vulnerabilities are listed as publicly known at the time of release.\n\nChief among the most critical bugs patched this month include [CVE-2020-16898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898>) (CVSS score 9.8). 
According to Microsoft, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer to exploit the RCE flaw in the TCP/IP stack to execute arbitrary code on the target client or server.\n\nAccording to [McAfee](<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/>) security experts, 'this type of bug could be made wormable,' allowing hackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.\n\nA second vulnerability to keep track of is [CVE-2020-16947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947>), which concerns an RCE flaw on affected versions of Outlook that could allow code execution just by viewing a specially crafted email.\n\n\"If the current user is logged on with administrative user rights, an attacker could take control of the affected system,\" Microsoft noted in its advisory. \"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\"\n\nAnother critical RCE vulnerability in Windows Hyper-V ([CVE-2020-16891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16891>), CVSS score 8.8) exists due to improper validation of input from an authenticated user on a guest operating system.\n\nAs a result, an adversary could exploit this flaw to run a specially crafted program on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.\n\nTwo other critical RCE flaws ([CVE-2020-16967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16967>) and [CVE-2020-16968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16968>)) affect Windows Camera Codec Pack, permitting an attacker to send a malicious file that, when opened, exploits the flaw to run arbitrary code in the context of the current 
user.\n\nFinally, the patch also addresses a privilege escalation flaw ([CVE-2020-16909](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16909>)) associated with the Windows Error Reporting (WER) component that could allow an authenticated attacker to execute malicious applications with escalated privileges and gain access to sensitive information.\n\nOther critical flaws fixed by Microsoft this month include RCE flaws in SharePoint, Media Foundation Library, Base3D rendering engine, Graphics Components, and the Windows Graphics Device Interface (GDI).\n\nIt's highly recommended that Windows users and system administrators apply the latest security patches to mitigate the threats associated with these issues.\n\nTo install the latest [security updates](<https://support.microsoft.com/en-in/help/4027667/windows-10-update>), Windows users can head to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-14T10:10:00", "type": "thn", "title": "Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16891", "CVE-2020-16898", "CVE-2020-16909", "CVE-2020-16947", "CVE-2020-16967", "CVE-2020-16968"], "modified": "2020-10-16T06:20:48", "id": "THN:C3154ED3ABE28924B7CC42873DED19BB", "href": "https://thehackernews.com/2020/10/windows-tcp-ip-patch-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-09-12T15:28:00", "description": "The remote Windows host is missing security update 4580385 or cumulative update 4580378. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-16923)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-16924)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580385: Windows Server 2008 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16935", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580378.NASL", "href": "https://www.tenable.com/plugins/nessus/141432", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141432);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16914\",\n \"CVE-2020-16916\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16935\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\"\n );\n script_xref(name:\"MSKB\", value:\"4580378\");\n script_xref(name:\"MSKB\", value:\"4580385\");\n script_xref(name:\"MSFT\", value:\"MS20-4580378\");\n script_xref(name:\"MSFT\", value:\"MS20-4580385\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580385: Windows Server 2008 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580385\nor cumulative update 4580378. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. 
(CVE-2020-16940)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-16923)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. 
(CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-16897)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580385\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4580385 or Cumulative Update KB4580378.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16891\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580378',\n '4580385'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580378, 4580385])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:27:59", "description": "The remote Windows host is missing security update 4580353 or cumulative update 4580382. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16920)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. 
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580353: Windows Server 2012 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16911", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16935", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16980"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580382.NASL", "href": "https://www.tenable.com/plugins/nessus/141426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141426);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16911\",\n \"CVE-2020-16914\",\n \"CVE-2020-16916\",\n \"CVE-2020-16920\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16935\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16980\"\n );\n script_xref(name:\"MSKB\", value:\"4580353\");\n script_xref(name:\"MSKB\", value:\"4580382\");\n script_xref(name:\"MSFT\", value:\"MS20-4580353\");\n script_xref(name:\"MSFT\", value:\"MS20-4580382\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580353: Windows Server 2012 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580353\nor cumulative update 4580382. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. 
(CVE-2020-16920)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. 
An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-16897)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580382\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4580353 or Cumulative Update KB4580382.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16911\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580382',\n '4580353'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580382, 4580353])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:26:57", "description": "The remote Windows host is missing security update 4580358 or cumulative update 4580347. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16920)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. 
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16897)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580358: Windows 8.1 and Windows Server 2012 R2 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16911", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16980"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580347.NASL", "href": "https://www.tenable.com/plugins/nessus/141416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141416);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16911\",\n \"CVE-2020-16914\",\n \"CVE-2020-16916\",\n \"CVE-2020-16920\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16980\"\n );\n script_xref(name:\"MSKB\", value:\"4580358\");\n script_xref(name:\"MSKB\", value:\"4580347\");\n script_xref(name:\"MSFT\", value:\"MS20-4580358\");\n script_xref(name:\"MSFT\", value:\"MS20-4580347\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580358: Windows 8.1 and Windows Server 2012 R2 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580358\nor cumulative update 4580347. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. 
(CVE-2020-16920)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. 
By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. 
An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2020-16897)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580358/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580347/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4580358 or Cumulative Update KB4580347.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16911\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580347',\n '4580358'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580347, 4580358])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:24:04", "description": "The remote Windows host is missing security update 4580387 or cumulative update 4580345. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16920)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding. (CVE-2020-16863)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16889)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-16897)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580387: Windows 7 and Windows Server 2008 R2 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16863", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16912", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580345.NASL", "href": "https://www.tenable.com/plugins/nessus/141431", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141431);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16863\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16912\",\n \"CVE-2020-16914\",\n \"CVE-2020-16916\",\n \"CVE-2020-16920\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4580387\");\n script_xref(name:\"MSKB\", value:\"4580345\");\n script_xref(name:\"MSFT\", value:\"MS20-4580387\");\n script_xref(name:\"MSFT\", value:\"MS20-4580345\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580387: Windows 7 and Windows Server 2008 R2 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580387\nor cumulative update 4580345. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. 
(CVE-2020-16920)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Service when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the Remote Desktop Service on\n the target system to stop responding. (CVE-2020-16863)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-16923)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. 
An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-16897)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580387/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580345/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4580387 or Cumulative Update KB4580345.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16891\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580345',\n '4580387'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580345, 4580387])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:28:01", "description": "The remote Windows host is missing security update 4580327. It is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. 
(CVE-2020-16876, CVE-2020-16920)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16896)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. 
(CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580327: Windows 10 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1167", "CVE-2020-16876", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580327.NASL", "href": "https://www.tenable.com/plugins/nessus/141424", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141424);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1167\",\n \"CVE-2020-16876\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16914\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16967\",\n \"CVE-2020-16968\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4580327\");\n script_xref(name:\"MSFT\", value:\"MS20-4580327\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580327: Windows 10 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580327. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. 
In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. 
By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - A remote code execution vulnerability exists when the\n Windows Camera Codec Pack improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. 
An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16896)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. 
(CVE-2020-16900)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. (CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580327\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4580327.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16968\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16911\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580327'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580327])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:28:06", "description": "The remote Windows host is missing security update 4580346.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic. (CVE-2020-16894)\n\n - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. 
(CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. 
An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. (CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580346: Windows 10 Version 1607 and Windows Server 2016 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16894", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976", "CVE-2020-16980"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580346.NASL", "href": "https://www.tenable.com/plugins/nessus/141434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141434);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16885\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16894\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\",\n \"CVE-2020-16980\"\n );\n script_xref(name:\"MSKB\", value:\"4580346\");\n script_xref(name:\"MSFT\", value:\"MS20-4580346\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580346: Windows 10 Version 1607 and Windows Server 2016 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580346.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. 
An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - A remote code execution vulnerability exists when\n Windows Network Address Translation (NAT) fails to\n properly handle UDP traffic. (CVE-2020-16894)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage VSP Driver improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. 
(CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580346\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4580346.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580346'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580346])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:21", "description": "The remote Windows host is missing security update 4577668.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. 
(CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. 
Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. 
An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-1047, CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. 
(CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4577668: Windows 10 Version 1809 and Windows Server 2019 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1080", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16895", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976", "CVE-2020-16980"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4577668.NASL", "href": "https://www.tenable.com/plugins/nessus/141433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141433);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1047\",\n \"CVE-2020-1080\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16885\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16890\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16895\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16898\",\n \"CVE-2020-16899\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16907\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16913\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16921\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\",\n \"CVE-2020-16980\"\n );\n script_xref(name:\"MSKB\", value:\"4577668\");\n script_xref(name:\"MSFT\", value:\"MS20-4577668\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4577668: Windows 10 Version 1809 and Windows Server 2019 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4577668.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A 
spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage VSP Driver improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. 
(CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could gain the ability to\n execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the user's system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could cause a target system\n to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text\n Services Framework when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited this vulnerability could potentially read data\n that was not intended to be disclosed. Note that this\n vulnerability would not allow an attacker to execute\n code or to elevate their user rights directly, but it\n could be used to obtain information that could be used\n to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16980)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. 
The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-1047,\n CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. (CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4577668\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4577668.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16924\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-10\";\nkbs = make_list('4577668');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"10_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4577668])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:47", "description": "The remote Windows host is missing security update 4579311.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows 
incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. 
An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. 
(CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. (CVE-2020-16877)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16938)\n\n - A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. 
(CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. 
(CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. 
The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-1047, CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. (CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4579311: Windows 10 Version 2004 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1080", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16877", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16895", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16938", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4579311.NASL", "href": "https://www.tenable.com/plugins/nessus/141423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141423);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1047\",\n \"CVE-2020-1080\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16877\",\n \"CVE-2020-16885\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16890\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16895\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16898\",\n \"CVE-2020-16899\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16907\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16913\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16921\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16938\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16967\",\n \"CVE-2020-16968\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4579311\");\n script_xref(name:\"MSFT\", value:\"MS20-4579311\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0458-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4579311: Windows 10 Version 2004 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host 
is missing security update 4579311.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage VSP Driver improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could gain the ability to\n execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. 
(CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows improperly handles reparse points. An\n attacker who successfully exploited this vulnerability\n could overwrite or delete a targeted file that would\n normally require elevated permissions. (CVE-2020-16877)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-16938)\n\n - A denial of service vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could cause a target system\n to stop responding. 
(CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text\n Services Framework when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited this vulnerability could potentially read data\n that was not intended to be disclosed. Note that this\n vulnerability would not allow an attacker to execute\n code or to elevate their user rights directly, but it\n could be used to obtain information that could be used\n to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the\n Windows Camera Codec Pack improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-1047,\n CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. 
(CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4579311\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4579311.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16968\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-10\";\nkbs = make_list('4579311');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"10_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4579311])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:08", "description": "The remote Windows host is missing security update 4580330.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. 
(CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. 
Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-1047, CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. 
(CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580330: Windows 10 Version 1803 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1080", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16895", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580330.NASL", "href": "https://www.tenable.com/plugins/nessus/141422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141422);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1047\",\n \"CVE-2020-1080\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16885\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16890\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16895\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16898\",\n \"CVE-2020-16899\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16907\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16913\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16921\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16967\",\n \"CVE-2020-16968\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4580330\");\n script_xref(name:\"MSFT\", value:\"MS20-4580330\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580330: Windows 10 Version 1803 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580330.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly\n 
validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage VSP Driver improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. 
(CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could gain the ability to\n execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could cause a target system\n to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text\n Services Framework when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited this vulnerability could potentially read data\n that was not intended to be disclosed. Note that this\n vulnerability would not allow an attacker to execute\n code or to elevate their user rights directly, but it\n could be used to obtain information that could be used\n to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the\n Windows Camera Codec Pack improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. 
(CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. 
a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-1047,\n CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. (CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580330\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4580330.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16968\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580330'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580330])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:47", "description": "The remote Windows host is missing security update 
4580328 or 4577041. It is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. 
An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. 
(CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. 
(CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-1047)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. 
An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. (CVE-2020-16919)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4580328: Windows 10 Version 1709 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4580328.NASL", "href": "https://www.tenable.com/plugins/nessus/141420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141420);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1047\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16885\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16890\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16898\",\n \"CVE-2020-16899\",\n \"CVE-2020-16900\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16907\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16913\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16921\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16967\",\n \"CVE-2020-16968\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4580328\");\n script_xref(name:\"MSKB\", value:\"4577041\");\n script_xref(name:\"MSFT\", value:\"MS20-4580328\");\n script_xref(name:\"MSFT\", value:\"MS20-4577041\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4580328: Windows 10 Version 1709 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4580328\nor 4577041. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage VSP Driver improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-16885)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. 
An attacker who successfully\n exploited this vulnerability could gain the ability to\n execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the user's system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could cause a target system\n to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. 
(CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text\n Services Framework when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited this vulnerability could potentially read data\n that was not intended to be disclosed. Note that this\n vulnerability would not allow an attacker to execute\n code or to elevate their user rights directly, but it\n could be used to obtain information that could be used\n to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the\n Windows Camera Codec Pack improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. 
An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-1047)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. 
An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. (CVE-2020-16919)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4580328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4577041\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4580328.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16968\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 
2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list(\n '4580328'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'10_2020',\n bulletin:bulletin,\n rollup_kb_list:[4580328])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:36", "description": "The remote Windows host is missing security update 4577671.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. (CVE-2020-16877)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. 
(CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. 
Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-1047, CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. 
(CVE-2020-16919)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2020-16901)", "cvss3": {}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "KB4577671: Windows 10 Version 1903 and Windows 10 Version 1909 October 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1080", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16877", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", "CVE-2020-16892", "CVE-2020-16895", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16901", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16937", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_OCT_4577671.NASL", "href": "https://www.tenable.com/plugins/nessus/141427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141427);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2020-0764\",\n \"CVE-2020-1047\",\n \"CVE-2020-1080\",\n \"CVE-2020-1167\",\n \"CVE-2020-1243\",\n \"CVE-2020-16876\",\n \"CVE-2020-16877\",\n \"CVE-2020-16887\",\n \"CVE-2020-16889\",\n \"CVE-2020-16890\",\n \"CVE-2020-16891\",\n \"CVE-2020-16892\",\n \"CVE-2020-16895\",\n \"CVE-2020-16896\",\n \"CVE-2020-16897\",\n \"CVE-2020-16898\",\n \"CVE-2020-16899\",\n \"CVE-2020-16900\",\n \"CVE-2020-16901\",\n \"CVE-2020-16902\",\n \"CVE-2020-16905\",\n \"CVE-2020-16907\",\n \"CVE-2020-16909\",\n \"CVE-2020-16910\",\n \"CVE-2020-16911\",\n \"CVE-2020-16912\",\n \"CVE-2020-16913\",\n \"CVE-2020-16914\",\n \"CVE-2020-16915\",\n \"CVE-2020-16916\",\n \"CVE-2020-16919\",\n \"CVE-2020-16920\",\n \"CVE-2020-16921\",\n \"CVE-2020-16922\",\n \"CVE-2020-16923\",\n \"CVE-2020-16924\",\n \"CVE-2020-16927\",\n \"CVE-2020-16935\",\n \"CVE-2020-16936\",\n \"CVE-2020-16937\",\n \"CVE-2020-16939\",\n \"CVE-2020-16940\",\n \"CVE-2020-16967\",\n \"CVE-2020-16968\",\n \"CVE-2020-16972\",\n \"CVE-2020-16973\",\n \"CVE-2020-16974\",\n \"CVE-2020-16975\",\n \"CVE-2020-16976\"\n );\n script_xref(name:\"MSKB\", value:\"4577671\");\n script_xref(name:\"MSFT\", value:\"MS20-4577671\");\n script_xref(name:\"IAVA\", value:\"2020-A-0457-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0126\");\n\n script_name(english:\"KB4577671: Windows 10 Version 1903 and Windows 10 Version 1909 October 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4577671.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A 
spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-16922)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-16895)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-16924)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows improperly handles reparse points. An\n attacker who successfully exploited this vulnerability\n could overwrite or delete a targeted file that would\n normally require elevated permissions. (CVE-2020-16877)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1167, CVE-2020-16923)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. 
(CVE-2020-16891)\n\n - A remote code execution vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could gain the ability to\n execute code on the target server or client.\n (CVE-2020-16898)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-16892)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability.\n (CVE-2020-16914)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-16902)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-0764)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-16890)\n\n - An information disclosure vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2020-16896)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-16911)\n\n - An information disclosure vulnerability exists when\n NetBIOS over TCP (NBT) Extensions (NetBT) improperly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the user's system. (CVE-2020-16897)\n\n - An elevation of privilege vulnerability exists when the\n Windows Application Compatibility Client Library\n improperly handles registry operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. (CVE-2020-16876, CVE-2020-16920)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-16915)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles junction points. An attacker who successfully\n exploited this vulnerability could delete files and\n folders in an elevated context. (CVE-2020-16940)\n\n - A security feature bypass vulnerability exists when\n Microsoft Windows fails to handle file creation\n permissions, which could allow an attacker to create\n files in a protected Unified Extensible Firmware\n Interface (UEFI) location. (CVE-2020-16910)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-16927)\n\n - A denial of service vulnerability exists when the\n Windows TCP/IP stack improperly handles ICMPv6 Router\n Advertisement packets. An attacker who successfully\n exploited this vulnerability could cause a target system\n to stop responding. (CVE-2020-16899)\n\n - An elevation of privilege vulnerability exists when\n Group Policy improperly checks access. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-16939)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-16905, CVE-2020-16909)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-1243)\n\n - An information disclosure vulnerability exists in Text\n Services Framework when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited this vulnerability could potentially read data\n that was not intended to be disclosed. Note that this\n vulnerability would not allow an attacker to execute\n code or to elevate their user rights directly, but it\n could be used to obtain information that could be used\n to try to further compromise the affected system.\n (CVE-2020-16921)\n\n - A remote code execution vulnerability exists when the\n Windows Camera Codec Pack improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16967, CVE-2020-16968)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-16887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. 
(CVE-2020-16912, CVE-2020-16936,\n CVE-2020-16972, CVE-2020-16973, CVE-2020-16974,\n CVE-2020-16975, CVE-2020-16976)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-16907, CVE-2020-16913)\n\n - An information disclosure vulnerability exists when the\n .NET Framework improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could disclose contents of an affected system's memory.\n (CVE-2020-16937)\n\n - An information disclosure vulnerability exists when the\n Windows KernelStream improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-16889)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-16916, CVE-2020-16935)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event System improperly handles objects in\n memory. (CVE-2020-16900)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. 
a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-1047,\n CVE-2020-1080)\n\n - An information disclosure vulnerability exists when the\n Windows Enterprise App Management Service improperly\n handles certain file operations. An attacker who\n successfully exploited this vulnerability could read\n arbitrary files. An attacker with unprivileged access to\n a vulnerable system could exploit this vulnerability.\n The security update addresses the vulnerability by\n ensuring the Windows Enterprise App Management Service\n properly handles file operations. (CVE-2020-16919)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2020-16901)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4577671\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4577671.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16968\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-16915\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-10\";\nkbs = make_list('4577671');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"10_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4577671])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"10_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4577671])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n 
hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2020-10-14T20:43:08", "description": "Microsoft has pushed out fixes for 87 security vulnerabilities in October \u2013 11 of them critical \u2013 and one of those is potentially wormable.\n\nThere are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up \u2014 and in fact at least one public exploit is already circulating for this group.\n\nThis month\u2019s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.\n\nA full 75 are listed as important, and just one is listed as moderate in severity. None are listed as being under active attack, but the group does include six issues that were known but unpatched before this month\u2019s regularly scheduled updates.\n\n\u201cAs usual, whenever possible, it\u2019s better to prioritize updates against the Windows operating system,\u201d Richard Tsang, senior software engineer at Rapid7, told Threatpost. \u201cComing in at 53 of the 87 vulnerabilities, patching the OS knocks out 60 percent of the vulnerabilities listed, along with over half of the critical RCE vulnerabilities resolved today.\u201d\n\n## **11 Critical Bugs**\n\nOne of the most notable critical bugs, according to researchers, is a remote code-execution (RCE) problem in the TCP/IP stack. 
That issue ([CVE-2020-16898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898>)) allows attackers to execute arbitrary code with elevated privileges using a specially crafted ICMPv6 router advertisement.\n\nMicrosoft gives this bug its highest exploitability rating, meaning attacks in the wild are extremely likely \u2013 and as such, it carries a severity rating of 9.8 out of 10 on the CvSS vulnerability scale. True to the season, it could be an administrator\u2019s horror show.\n\n\u201cIf you\u2019re running an IPv6 network, you know that filtering router advertisements is not a practical workaround,\u201d said Dustin Childs, researcher at Trend Micro\u2019s Zero-Day Initiative (ZDI), in his [Patch Tuesday analysis](<https://www.thezdi.com/blog/2020/10/13/the-october-2020-security-update-review>). \u201cYou should definitely test and deploy this patch as soon as possible.\u201d\n\nBharat Jogi, senior manager of vulnerability and threat research at Qualys, said that an exploit for the bug could be self-propagating, worming through infrastructure without user interaction.\n\n\u201cAn attacker can exploit this vulnerability without any authentication, and it is potentially wormable,\u201d he said. \u201cWe expect a proof-of-concept (PoC) for this exploit would be dropped soon, and we highly encourage everyone to fix this vulnerability as soon as possible.\u201d\n\nThreatpost has reached out for more technical details on the wormable aspect of the bug.\n\n\u201cLuckily, if immediate patching isn\u2019t viable due to reboot scheduling, Microsoft provides [PowerShell-based commands](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC>) to disable ICMPv6 RDNSS on affected operating systems,\u201d said Tsang. 
\u201cThe PowerShell command `netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable` does not require a reboot to take effect.\u201d\n\nAnother of the critical flaws is an RCE bug in Microsoft Outlook ([CVE-2020-16947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947>)). The bug can be triggered by sending a specially crafted email to a target; and because the Preview Pane is an attack vector, victims don\u2019t need to open the mail to be infected (ZDI already has a proof-of-concept for this). It can also be used in a web-based attack by convincing users to visit a malicious URL hosting triggering content.\n\n\u201cThe specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer,\u201d according to Childs. That bug is rated 8.1 on the CvSS scale.\n\nA critical Windows Hyper-V RCE bug ([CVE-2020-16891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16891>), 8.8 on the CvSS scale) meanwhile allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS.\n\nAnd, other critical problems impact the Windows Camera Codec ([CVE-2020-16967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16967>) and [CVE-2020-16968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16968>), both 7.8 on the CvSS scale), both resulting from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.\n\n\u201cIf the current user is logged on with administrative user rights, an attacker could take control of the affected system,\u201d according to Microsoft. \u201cAn attacker could then install programs; view, change or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u201d\n\nTwo other critical flaws are RCE problems in SharePoint Server ([CVE-2020-16951](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951>) and [CVE-2020-16952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952>), both 8.6 on the CvSS scale). They exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.\n\n\u201cIn both cases, the attacker would need to upload a specially crafted SharePoint application package to an affected version of SharePoint to get arbitrary code execution,\u201d explained Childs. \u201cThis can be accomplished by an unprivileged SharePoint user if the server\u2019s configuration allows it.\u201d\n\nTsang added that PoCs are \u201cstarting to flow out in the wild, so bringing a closure to this pair of critical remote code execution vulnerabilities is a must.\u201d\n\nThe remaining critical bugs are RCE issues in Media Foundation Library ([CVE-2020-16915](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16915>), rating 7.8); the Base3D rendering engine ([CVE-2020-17003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17003>), rating 7.8); Graphics components ([CVE-2020-16923](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16923>), rating 7.8); and the Windows Graphics Device Interface (GDI) ([CVE-2020-16911](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16911>), rating 8.8).\n\nRegarding the latter, the vulnerability exists in the way GDI handles objects in memory, according to Allan Liska, senior security architect at Recorded Future.\n\n\u201cSuccessful 
exploitation could allow an attacker to gain control of the infected system with the same administrative privileges as the victim,\u201d he said, via email. \u201cThis vulnerability could be exploited by either tricking a victim into visiting a compromised website with a specially crafted document or opening a specially crafted document via a phishing attack.\u201d\n\nTsang added, \u201cA mitigating factor here is that users with fewer privileges on the system could be less impacted, but still emphasizes the importance of good security hygiene as exploitation requires convincing a user to open a specially-crafted file or to view attacker-controlled content. Unlike CVE-2020-16898, however, this vulnerability affects all supported versions of Windows OS, which may suggest affecting unsupported/earlier versions of Windows as well.\u201d\n\n## **6 Publicly Known Bugs**\n\nThere are also a half-dozen vulnerabilities that have been unpatched until this month, but which were publicly known.\n\n\u201cPublic disclosure could mean a couple things,\u201d Todd Schell, senior product manager of security at Ivanti told Threatpost. \u201cIt could be that a demonstration of exploit was performed at an event or by a researcher. It could also mean that a PoC code has been made available.\u201d\n\nWhen it comes to these publicly known bugs, a Windows Error Reporting (WER) elevation-of-privilege issue (CVE-2020-16909) stands out, according to Childs, given that bugs in the WER component [were recently reported as being used in the wild](<https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/>) in fileless attacks.\n\n\n\nThe six publicly disclosed bugs. 
Source: Trend Micro\u2019s ZDI.\n\nAs for the others, two are EoP bugs, in the Windows Setup component and the Windows Storage VSP Driver; two are information-disclosure problems in the kernel; and one is an information-disclosure issue in .NET Framework.\n\n\u201cThese info-disclosure bugs leak the contents of kernel memory but do not expose any personally identifiable information,\u201d Childs said.\n\nOne of the info-disclosure bugs, [CVE-2020-16938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16938>), now has a PoC exploit that was [dropped on Twitter](<https://twitter.com/jonasLyk/status/1316104870987010048>) on Tuesday, by @jonasLyk. He claimed that a \u201crecent update changed the permissions on partitions and volume device objects, granting everybody read access. This means that by opening the device directly you can read the raw data without any [privileges].\u201d\n\nWith exploits emerging already, Schell pointed out that \u201ca public disclosure does mean that threat actors have advanced warning of a vulnerability and this gives them an advantage.\u201d In fact, the [mean time to exploit a vulnerability from the moment of its disclosure is 22 days](<https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf>), according to a research study from the RAND Institute.\n\nOverall, the lighter patch load of 87 fixes is a significant departure from the 110+ patches the software giant has released every month since March.\n\n\u201cSecurity teams are still reeling from efforts around reducing exposure to CVE-2020-1472 (Zerologon), and today\u2019s Patch Tuesday thankfully brings a slightly lightened load of vulnerabilities compared to the previous seven months, with no vulnerabilities currently known to be exploited in the wild,\u201d Jonathan Cran, head of research at Kenna Security, told Threatpost. 
\u201cThat said, several of the vulnerabilities in today\u2019s update should be treated with a priority due to their usefulness to attackers [the critical bugs in the Win10 IPv6 stack, Outlook and Hyper-V]. These vulnerabilities all fall into the \u2018patch quickly or monitor closely\u2019 bucket.\n\nAlso, some products were notably absent from the fixes list.\n\n\u201cThere are a couple of interesting things this month,\u201d Schell told Threatpost. \u201cThere are no browser vulnerabilities being resolved. At the time of release, Microsoft did not have any CVEs reported against IE or Edge and no listing of the browsers as affected products this month. Not sure I remember the last time that has happened.\u201d\n\nPatch Tuesday rolls out this month as Microsoft launches the preview of [its new update guide](<https://threatpost.com/microsoft-overhauls-security-update-guide/159449/>).\n\n\u201cIt has provided a few nice improvements,\u201d Schell said. \u201cQuick access to more of the risk-focused information can be found in [the vulnerabilities view](<https://msrc.microsoft.com/update-guide/vulnerability>). Columns like \u2018Exploited\u2019 and \u2018Publicly Disclosed\u2019 allow you to sort and view quickly if there are high-risk items.\u201d\n
", "cvss3": {}, "published": "2020-10-13T20:44:01", "type": "threatpost", "title": "October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472", "CVE-2020-16891", "CVE-2020-16898", "CVE-2020-16909", "CVE-2020-16911", "CVE-2020-16915", "CVE-2020-16923", "CVE-2020-16938", "CVE-2020-16947", "CVE-2020-16951", "CVE-2020-16952", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-17003", "CVE-2020-5135"], "modified": "2020-10-13T20:44:01", "id": "THREATPOST:779B904F971138531725D1E57FDFF9DD", "href": "https://threatpost.com/october-patch-tuesday-wormable-bug/160044/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-06-06T15:23:13", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2012 R2 \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2016 \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 
Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16889>) \n[CVE-2020-16887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16887>) \n[CVE-2020-16924](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16924>) \n[CVE-2020-16863](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16863>) \n[CVE-2020-16920](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16920>) \n[CVE-2020-16922](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16922>) \n[CVE-2020-16923](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16923>) \n[CVE-2020-16902](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16902>) \n[CVE-2020-16900](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16900>) \n[CVE-2020-16940](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16940>) \n[CVE-2020-16891](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16891>) \n[CVE-2020-16897](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16897>) 
\n[CVE-2020-16973](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16973>) \n[CVE-2020-16972](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16972>) \n[CVE-2020-16976](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16976>) \n[CVE-2020-16975](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16975>) \n[CVE-2020-16974](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16974>) \n[CVE-2020-16936](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16936>) \n[CVE-2020-16935](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16935>) \n[CVE-2020-16914](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16914>) \n[CVE-2020-16916](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16916>) \n[CVE-2020-16939](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16939>) \n[CVE-2020-16912](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16912>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-16923](<https://vulners.com/cve/CVE-2020-16923>)6.8High \n[CVE-2020-16889](<https://vulners.com/cve/CVE-2020-16889>)2.1Warning \n[CVE-2020-16887](<https://vulners.com/cve/CVE-2020-16887>)4.6Warning \n[CVE-2020-16902](<https://vulners.com/cve/CVE-2020-16902>)7.2High \n[CVE-2020-16939](<https://vulners.com/cve/CVE-2020-16939>)4.6Warning \n[CVE-2020-16972](<https://vulners.com/cve/CVE-2020-16972>)4.6Warning \n[CVE-2020-16940](<https://vulners.com/cve/CVE-2020-16940>)4.9Warning \n[CVE-2020-16920](<https://vulners.com/cve/CVE-2020-16920>)4.6Warning \n[CVE-2020-16922](<https://vulners.com/cve/CVE-2020-16922>)2.1Warning \n[CVE-2020-16924](<https://vulners.com/cve/CVE-2020-16924>)9.3Critical 
\n[CVE-2020-16900](<https://vulners.com/cve/CVE-2020-16900>)4.6Warning \n[CVE-2020-16891](<https://vulners.com/cve/CVE-2020-16891>)7.2High \n[CVE-2020-16897](<https://vulners.com/cve/CVE-2020-16897>)2.1Warning \n[CVE-2020-16973](<https://vulners.com/cve/CVE-2020-16973>)4.6Warning \n[CVE-2020-16976](<https://vulners.com/cve/CVE-2020-16976>)4.6Warning \n[CVE-2020-16975](<https://vulners.com/cve/CVE-2020-16975>)4.6Warning \n[CVE-2020-16974](<https://vulners.com/cve/CVE-2020-16974>)4.6Warning \n[CVE-2020-16936](<https://vulners.com/cve/CVE-2020-16936>)4.6Warning \n[CVE-2020-16935](<https://vulners.com/cve/CVE-2020-16935>)7.2High \n[CVE-2020-16912](<https://vulners.com/cve/CVE-2020-16912>)4.6Warning \n[CVE-2020-16914](<https://vulners.com/cve/CVE-2020-16914>)2.1Warning \n[CVE-2020-16916](<https://vulners.com/cve/CVE-2020-16916>)7.2High \n[CVE-2020-16863](<https://vulners.com/cve/CVE-2020-16863>)7.8Critical\n\n### *KB list*:\n[4580387](<http://support.microsoft.com/kb/4580387>) \n[4580385](<http://support.microsoft.com/kb/4580385>) \n[4580378](<http://support.microsoft.com/kb/4580378>) \n[4580345](<http://support.microsoft.com/kb/4580345>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-13T00:00:00", "type": "kaspersky", "title": "KLA11978 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16863", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16891", "CVE-2020-16897", "CVE-2020-16900", "CVE-2020-16902", "CVE-2020-16912", "CVE-2020-16914", "CVE-2020-16916", "CVE-2020-16920", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976"], "modified": "2022-01-18T00:00:00", "id": "KLA11978", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11978/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:23:13", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2012 R2 \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2016 \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) 
\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16923](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16923>) \n[CVE-2020-16889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16889>) \n[CVE-2020-16887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16887>) \n[CVE-2020-16902](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16902>) \n[CVE-2020-16885](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16885>) \n[CVE-2020-16898](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16898>) \n[CVE-2020-16968](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16968>) \n[CVE-2020-16939](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16939>) \n[CVE-2020-16980](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16980>) \n[CVE-2020-16972](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16972>) \n[CVE-2020-16967](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16967>) \n[CVE-2020-16876](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16876>) \n[CVE-2020-16919](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16919>) \n[CVE-2020-16940](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16940>) \n[CVE-2020-16908](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16908>) 
\n[CVE-2020-16909](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16909>) \n[CVE-2020-16920](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16920>) \n[CVE-2020-16907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16907>) \n[CVE-2020-16922](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16922>) \n[CVE-2020-16905](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16905>) \n[CVE-2020-16924](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16924>) \n[CVE-2020-1243](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1243>) \n[CVE-2020-16900](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16900>) \n[CVE-2020-16927](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16927>) \n[CVE-2020-0764](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0764>) \n[CVE-2020-16890](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16890>) \n[CVE-2020-16891](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16891>) \n[CVE-2020-16892](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16892>) \n[CVE-2020-16894](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16894>) \n[CVE-2020-16901](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16901>) \n[CVE-2020-16896](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16896>) \n[CVE-2020-16897](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16897>) \n[CVE-2020-16973](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16973>) \n[CVE-2020-16899](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16899>) 
\n[CVE-2020-1047](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1047>) \n[CVE-2020-16976](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16976>) \n[CVE-2020-16975](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16975>) \n[CVE-2020-16974](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16974>) \n[CVE-2020-16936](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16936>) \n[CVE-2020-16935](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16935>) \n[CVE-2020-1167](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1167>) \n[CVE-2020-16877](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16877>) \n[CVE-2020-16912](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16912>) \n[CVE-2020-1080](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1080>) \n[CVE-2020-16914](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16914>) \n[CVE-2020-16916](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16916>) \n[CVE-2020-16911](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16911>) \n[CVE-2020-16910](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16910>) \n[CVE-2020-16913](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16913>) \n[CVE-2020-16938](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16938>) \n[CVE-2020-16915](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16915>) \n[CVE-2020-16921](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16921>) \n[CVE-2020-16895](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16895>) \n\n\n### *Impacts*:\nACE \n\n### *Related 
products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-16923](<https://vulners.com/cve/CVE-2020-16923>)6.8High \n[CVE-2020-16889](<https://vulners.com/cve/CVE-2020-16889>)2.1Warning \n[CVE-2020-16887](<https://vulners.com/cve/CVE-2020-16887>)4.6Warning \n[CVE-2020-16902](<https://vulners.com/cve/CVE-2020-16902>)7.2High \n[CVE-2020-16885](<https://vulners.com/cve/CVE-2020-16885>)4.6Warning \n[CVE-2020-16898](<https://vulners.com/cve/CVE-2020-16898>)5.8High \n[CVE-2020-16968](<https://vulners.com/cve/CVE-2020-16968>)9.3Critical \n[CVE-2020-16939](<https://vulners.com/cve/CVE-2020-16939>)4.6Warning \n[CVE-2020-16980](<https://vulners.com/cve/CVE-2020-16980>)4.6Warning \n[CVE-2020-16972](<https://vulners.com/cve/CVE-2020-16972>)4.6Warning \n[CVE-2020-16967](<https://vulners.com/cve/CVE-2020-16967>)9.3Critical \n[CVE-2020-16876](<https://vulners.com/cve/CVE-2020-16876>)4.6Warning \n[CVE-2020-16919](<https://vulners.com/cve/CVE-2020-16919>)2.1Warning \n[CVE-2020-16940](<https://vulners.com/cve/CVE-2020-16940>)4.9Warning \n[CVE-2020-16908](<https://vulners.com/cve/CVE-2020-16908>)7.2High \n[CVE-2020-16909](<https://vulners.com/cve/CVE-2020-16909>)4.6Warning \n[CVE-2020-16920](<https://vulners.com/cve/CVE-2020-16920>)4.6Warning \n[CVE-2020-16907](<https://vulners.com/cve/CVE-2020-16907>)7.2High \n[CVE-2020-16922](<https://vulners.com/cve/CVE-2020-16922>)2.1Warning \n[CVE-2020-16905](<https://vulners.com/cve/CVE-2020-16905>)4.6Warning \n[CVE-2020-16924](<https://vulners.com/cve/CVE-2020-16924>)9.3Critical \n[CVE-2020-1243](<https://vulners.com/cve/CVE-2020-1243>)4.6Warning \n[CVE-2020-16900](<https://vulners.com/cve/CVE-2020-16900>)4.6Warning \n[CVE-2020-16927](<https://vulners.com/cve/CVE-2020-16927>)7.8Critical \n[CVE-2020-0764](<https://vulners.com/cve/CVE-2020-0764>)4.6Warning \n[CVE-2020-16890](<https://vulners.com/cve/CVE-2020-16890>)7.2High 
\n[CVE-2020-16891](<https://vulners.com/cve/CVE-2020-16891>)7.2High \n[CVE-2020-16892](<https://vulners.com/cve/CVE-2020-16892>)4.6Warning \n[CVE-2020-16894](<https://vulners.com/cve/CVE-2020-16894>)6.8High \n[CVE-2020-16901](<https://vulners.com/cve/CVE-2020-16901>)2.1Warning \n[CVE-2020-16896](<https://vulners.com/cve/CVE-2020-16896>)5.0Critical \n[CVE-2020-16897](<https://vulners.com/cve/CVE-2020-16897>)2.1Warning \n[CVE-2020-16973](<https://vulners.com/cve/CVE-2020-16973>)4.6Warning \n[CVE-2020-16899](<https://vulners.com/cve/CVE-2020-16899>)7.8Critical \n[CVE-2020-1047](<https://vulners.com/cve/CVE-2020-1047>)7.2High \n[CVE-2020-16976](<https://vulners.com/cve/CVE-2020-16976>)4.6Warning \n[CVE-2020-16975](<https://vulners.com/cve/CVE-2020-16975>)4.6Warning \n[CVE-2020-16974](<https://vulners.com/cve/CVE-2020-16974>)4.6Warning \n[CVE-2020-16936](<https://vulners.com/cve/CVE-2020-16936>)4.6Warning \n[CVE-2020-16935](<https://vulners.com/cve/CVE-2020-16935>)7.2High \n[CVE-2020-1167](<https://vulners.com/cve/CVE-2020-1167>)9.3Critical \n[CVE-2020-16877](<https://vulners.com/cve/CVE-2020-16877>)3.6Warning \n[CVE-2020-16912](<https://vulners.com/cve/CVE-2020-16912>)4.6Warning \n[CVE-2020-1080](<https://vulners.com/cve/CVE-2020-1080>)7.2High \n[CVE-2020-16914](<https://vulners.com/cve/CVE-2020-16914>)2.1Warning \n[CVE-2020-16916](<https://vulners.com/cve/CVE-2020-16916>)7.2High \n[CVE-2020-16911](<https://vulners.com/cve/CVE-2020-16911>)9.3Critical \n[CVE-2020-16910](<https://vulners.com/cve/CVE-2020-16910>)4.3Warning \n[CVE-2020-16913](<https://vulners.com/cve/CVE-2020-16913>)7.2High \n[CVE-2020-16938](<https://vulners.com/cve/CVE-2020-16938>)2.1Warning \n[CVE-2020-16915](<https://vulners.com/cve/CVE-2020-16915>)6.8High \n[CVE-2020-16921](<https://vulners.com/cve/CVE-2020-16921>)2.1Warning \n[CVE-2020-16895](<https://vulners.com/cve/CVE-2020-16895>)7.2High\n\n### *KB list*:\n[4577041](<http://support.microsoft.com/kb/4577041>) 
\n[4577049](<http://support.microsoft.com/kb/4577049>) \n[4580328](<http://support.microsoft.com/kb/4580328>) \n[4580330](<http://support.microsoft.com/kb/4580330>) \n[4580327](<http://support.microsoft.com/kb/4580327>) \n[4580346](<http://support.microsoft.com/kb/4580346>) \n[4579311](<http://support.microsoft.com/kb/4579311>) \n[4580353](<http://support.microsoft.com/kb/4580353>) \n[4580347](<http://support.microsoft.com/kb/4580347>) \n[4580382](<http://support.microsoft.com/kb/4580382>) \n[4580358](<http://support.microsoft.com/kb/4580358>) \n[4577668](<http://support.microsoft.com/kb/4577668>) \n[4577671](<http://support.microsoft.com/kb/4577671>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-13T00:00:00", "type": "kaspersky", "title": "KLA11977 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0764", "CVE-2020-1047", "CVE-2020-1080", "CVE-2020-1167", "CVE-2020-1243", "CVE-2020-16876", "CVE-2020-16877", "CVE-2020-16885", "CVE-2020-16887", "CVE-2020-16889", "CVE-2020-16890", "CVE-2020-16891", 
"CVE-2020-16892", "CVE-2020-16894", "CVE-2020-16895", "CVE-2020-16896", "CVE-2020-16897", "CVE-2020-16898", "CVE-2020-16899", "CVE-2020-16900", "CVE-2020-16901", "CVE-2020-16902", "CVE-2020-16905", "CVE-2020-16907", "CVE-2020-16908", "CVE-2020-16909", "CVE-2020-16910", "CVE-2020-16911", "CVE-2020-16912", "CVE-2020-16913", "CVE-2020-16914", "CVE-2020-16915", "CVE-2020-16916", "CVE-2020-16919", "CVE-2020-16920", "CVE-2020-16921", "CVE-2020-16922", "CVE-2020-16923", "CVE-2020-16924", "CVE-2020-16927", "CVE-2020-16935", "CVE-2020-16936", "CVE-2020-16938", "CVE-2020-16939", "CVE-2020-16940", "CVE-2020-16967", "CVE-2020-16968", "CVE-2020-16972", "CVE-2020-16973", "CVE-2020-16974", "CVE-2020-16975", "CVE-2020-16976", "CVE-2020-16980"], "modified": "2022-01-18T00:00:00", "id": "KLA11977", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11977/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}