KLA11863Multiple vulnerabilities in Microsoft Products (ESU)

2020-07-14T00:00:00
ID KLA11863
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-07-22T00:00:00

Description

Detect date:

07/14/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1909 for 32-bit Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 8.1 for x64-based systems
Windows Server 2012 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1709 for ARM64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11
Windows 10 Version 1909 for ARM64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1803 for x64-based Systems
Microsoft Office 2019 for Mac
Windows RT 8.1
Windows 10 Version 2004 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Office 2016 for Mac
Windows Server 2019
Internet Explorer 9
Windows 10 Version 1803 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1333
CVE-2020-1384
CVE-2020-1346
CVE-2020-1389
CVE-2020-1032
CVE-2020-1036
CVE-2020-1360
CVE-2020-1267
CVE-2020-1365
CVE-2020-1354
CVE-2020-1419
CVE-2020-1438
CVE-2020-1435
CVE-2020-1412
CVE-2020-1437
CVE-2020-1436
CVE-2020-1430
CVE-2020-1428
CVE-2020-1396
CVE-2020-1397
CVE-2020-1390
CVE-2020-1359
CVE-2020-1371
CVE-2020-1350
CVE-2020-1351
CVE-2020-1040
CVE-2020-1041
CVE-2020-1042
CVE-2020-1043
CVE-2020-1373
CVE-2020-1410
CVE-2020-1374
CVE-2020-1085
CVE-2020-1407
CVE-2020-1400
CVE-2020-1401
CVE-2020-1402
CVE-2020-1403
CVE-2020-1427
CVE-2020-1468
CVE-2020-1408
CVE-2020-1409
CVE-2020-1421
ADV200008

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2020-14030.0Unknown
CVE-2020-13330.0Unknown
CVE-2020-13840.0Unknown
CVE-2020-13460.0Unknown
CVE-2020-13890.0Unknown
CVE-2020-10320.0Unknown
CVE-2020-10360.0Unknown
CVE-2020-13600.0Unknown
CVE-2020-12670.0Unknown
CVE-2020-13650.0Unknown
CVE-2020-13540.0Unknown
CVE-2020-14190.0Unknown
CVE-2020-14380.0Unknown
CVE-2020-14350.0Unknown
CVE-2020-14120.0Unknown
CVE-2020-14370.0Unknown
CVE-2020-14360.0Unknown
CVE-2020-14300.0Unknown
CVE-2020-14280.0Unknown
CVE-2020-13960.0Unknown
CVE-2020-13970.0Unknown
CVE-2020-13900.0Unknown
CVE-2020-13590.0Unknown
CVE-2020-13710.0Unknown
CVE-2020-13500.0Unknown
CVE-2020-13510.0Unknown
CVE-2020-10400.0Unknown
CVE-2020-10410.0Unknown
CVE-2020-10420.0Unknown
CVE-2020-10430.0Unknown
CVE-2020-13730.0Unknown
CVE-2020-14100.0Unknown
CVE-2020-13740.0Unknown
CVE-2020-10850.0Unknown
CVE-2020-14070.0Unknown
CVE-2020-14000.0Unknown
CVE-2020-14010.0Unknown
CVE-2020-14020.0Unknown
CVE-2020-14270.0Unknown
CVE-2020-14680.0Unknown
CVE-2020-14080.0Unknown
CVE-2020-14090.0Unknown
CVE-2020-14210.0Unknown

KB list:

4565524
4565479
4565529
4565539
4565353
4565354
4565536

Microsoft official advisories: