Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11806
HistoryJun 09, 2020 - 12:00 a.m.

KLA11806 Multiple vulnerabilities in Microsoft Products (ESU)

2020-06-0900:00:00
Kaspersky Lab
threats.kaspersky.com
27

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.321 Low

EPSS

Percentile

96.9%

JSON

Detect date:

06/09/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2012 R2
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Internet Explorer 9
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1903 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1803 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012
Windows 10 Version 1903 for ARM64-based Systems
Windows RT 8.1
Windows Server 2016
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11
Windows Server 2012 R2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1903 for 32-bit Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1160
CVE-2020-1281
CVE-2020-1287
CVE-2020-1348
CVE-2020-1301
CVE-2020-1260
CVE-2020-1207
CVE-2020-1262
CVE-2020-1263
CVE-2020-1246
CVE-2020-1247
CVE-2020-1208
CVE-2020-1300
CVE-2020-1196
CVE-2020-1194
CVE-2020-1299
CVE-2020-1291
CVE-2020-1317
CVE-2020-1239
CVE-2020-1214
CVE-2020-1236
CVE-2020-1230
CVE-2020-1314
CVE-2020-1315
CVE-2020-1213
CVE-2020-1212
CVE-2020-1215
CVE-2020-1311
CVE-2020-1216
CVE-2020-1255
CVE-2020-1254
CVE-2020-1271
CVE-2020-1270
CVE-2020-1251
CVE-2020-1253
CVE-2020-1272
CVE-2020-1302

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2020-11602.1Warning
CVE-2020-12816.8High
CVE-2020-12876.8High
CVE-2020-13484.3Warning
CVE-2020-13016.5High
CVE-2020-12607.6Critical
CVE-2020-12077.2High
CVE-2020-12627.2High
CVE-2020-12632.1Warning
CVE-2020-12467.2High
CVE-2020-12477.2High
CVE-2020-12089.3Critical
CVE-2020-13006.8High
CVE-2020-11964.6Warning
CVE-2020-11944.9Warning
CVE-2020-12999.3Critical
CVE-2020-12916.8High
CVE-2020-13179.0Critical
CVE-2020-12396.8High
CVE-2020-12147.6Critical
CVE-2020-12369.3Critical
CVE-2020-12307.6Critical
CVE-2020-13146.8High
CVE-2020-13152.6Warning
CVE-2020-12137.6Critical
CVE-2020-12126.8High
CVE-2020-12157.6Critical
CVE-2020-13116.8High
CVE-2020-12167.6Critical
CVE-2020-12556.5High
CVE-2020-12547.2High
CVE-2020-12714.6Warning
CVE-2020-12704.6Warning
CVE-2020-12517.2High
CVE-2020-12537.2High
CVE-2020-12727.2High
CVE-2020-13024.6Warning

KB list:

4561669
4561603
4561645
4561643
4561670

Microsoft official advisories:

References

Related

nessus 12
mskb 16
openvas 16
prion 44
cve 47
attackerkb 3
kaspersky 2
threatpost 1
qualysblog 1
thn 2
avleonov 1
mscve 37
zdi 2
checkpoint_advisories 12
huawei 1
githubexploit 1
securelist 1
nessus
nessus
KB4561645: Windows Server 2008 June 2020 Security Update
2020-06-09 00:00:00
KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update
2020-06-09 00:00:00
KB4561674: Windows Server 2012 June 2020 Security Update
2020-06-09 00:00:00
mskb
mskb
June 9, 2020—KB4561670 (Monthly Rollup)
2020-06-09 07:00:00
June 9, 2020—KB4561669 (Security-only update)
2020-06-09 07:00:00
June 9, 2020—KB4561645 (Security-only update)
2020-06-09 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4561643)
2020-06-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4561612)
2020-06-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4561666)
2020-06-10 00:00:00
prion
prion
Remote code execution
2020-06-09 20:15:00
Remote code execution
2020-06-09 20:15:00
Remote code execution
2020-06-09 20:15:00
cve
cve
CVE-2020-1216
2020-06-09 20:15:00
CVE-2020-1260
2020-06-09 20:15:00
CVE-2020-1215
2020-06-09 20:15:00
attackerkb
attackerkb
CVE-2020-1247
2020-06-09 00:00:00
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability
2020-06-09 00:00:00
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability
2020-06-09 00:00:00
kaspersky
kaspersky
KLA11813 Multiple vulnerabilities in Microsoft Browsers
2020-06-09 00:00:00
KLA11807 Multiple vulnerabilities in Microsoft Windows
2020-06-09 00:00:00
threatpost
threatpost
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
2020-06-09 19:28:54
qualysblog
qualysblog
June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches
2020-06-09 18:46:10
thn
thn
Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities
2020-06-09 18:14:00
Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
2021-06-30 11:28:00
avleonov
avleonov
Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB
2020-06-23 01:31:46
mscve
mscve
Media Foundation Memory Corruption Vulnerability
2020-06-09 07:00:00
Group Policy Elevation of Privilege Vulnerability
2020-06-09 07:00:00
Win32k Elevation of Privilege Vulnerability
2020-06-09 07:00:00
zdi
zdi
Microsoft Windows Media Player mpg2splt Integer Underflow Remote Code Execution Vulnerability
2020-06-09 00:00:00
Microsoft Windows win32kfull PDEVOBJ Use-After-Free Privilege Escalation Vulnerability
2020-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (CVE-2020-1207)
2020-06-09 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2020-1253)
2020-06-09 00:00:00
Microsoft Windows Remote Code Execution (CVE-2020-1300)
2020-10-28 00:00:00
huawei
huawei
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1
2020-08-05 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2020-06-13 18:24:26
securelist
securelist
IT threat evolution Q2 2020. PC statistics
2020-09-03 10:30:23

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.321 Low

EPSS

Percentile

96.9%

JSON
Related for KLA11806
nessus12mskb16openvas16prion44cve47attackerkb3kaspersky2threatpost1qualysblog1thn2avleonov1mscve37zdi2checkpoint_advisories12huawei1githubexploit1securelist1