### *Detect date*:
11/10/2020
### *Severity*:
Critical
### *Description*:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, spoof user interface.
### *Exploitation*:
Public exploits exist for this vulnerability.
### *Affected products*:
Windows 10 Version 1909 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1903 for ARM64-based Systems
Windows 8.1 for x64-based systems
Windows Server, version 1903 (Server Core installation)
Raw Image Extension
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 2004 for ARM64-based Systems
AV1 Video Extension
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows RT 8.1
WebP Image Extension
Windows 10 Version 1803 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
HEVC Video Extensions
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 for x64-based Systems
Windows Server 2012
HEIF Image Extension
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2012 R2
Windows 10 Version 1903 for 32-bit Systems
Windows Server 2016
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
### *Solution*:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
### *Original advisories*:
[CVE-2020-17081](<https://nvd.nist.gov/vuln/detail/CVE-2020-17081>)
[CVE-2020-17082](<https://nvd.nist.gov/vuln/detail/CVE-2020-17082>)
[CVE-2020-17075](<https://nvd.nist.gov/vuln/detail/CVE-2020-17075>)
[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>)
[CVE-2020-17086](<https://nvd.nist.gov/vuln/detail/CVE-2020-17086>)
[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>)
[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>)
[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>)
[CVE-2020-17046](<https://nvd.nist.gov/vuln/detail/CVE-2020-17046>)
[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>)
[CVE-2020-17040](<https://nvd.nist.gov/vuln/detail/CVE-2020-17040>)
[CVE-2020-17041](<https://nvd.nist.gov/vuln/detail/CVE-2020-17041>)
[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>)
[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>)
[CVE-2020-17101](<https://nvd.nist.gov/vuln/detail/CVE-2020-17101>)
[CVE-2020-17026](<https://nvd.nist.gov/vuln/detail/CVE-2020-17026>)
[CVE-2020-17102](<https://nvd.nist.gov/vuln/detail/CVE-2020-17102>)
[CVE-2020-17106](<https://nvd.nist.gov/vuln/detail/CVE-2020-17106>)
[CVE-2020-17028](<https://nvd.nist.gov/vuln/detail/CVE-2020-17028>)
[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>)
[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>)
[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>)
[CVE-2020-17024](<https://nvd.nist.gov/vuln/detail/CVE-2020-17024>)
[CVE-2020-17025](<https://nvd.nist.gov/vuln/detail/CVE-2020-17025>)
[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>)
[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>)
[CVE-2020-17007](<https://nvd.nist.gov/vuln/detail/CVE-2020-17007>)
[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>)
[CVE-2020-16999](<https://nvd.nist.gov/vuln/detail/CVE-2020-16999>)
[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>)
[CVE-2020-17034](<https://nvd.nist.gov/vuln/detail/CVE-2020-17034>)
[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>)
[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>)
[CVE-2020-17109](<https://nvd.nist.gov/vuln/detail/CVE-2020-17109>)
[CVE-2020-17033](<https://nvd.nist.gov/vuln/detail/CVE-2020-17033>)
[CVE-2020-17090](<https://nvd.nist.gov/vuln/detail/CVE-2020-17090>)
[CVE-2020-17027](<https://nvd.nist.gov/vuln/detail/CVE-2020-17027>)
[CVE-2020-17030](<https://nvd.nist.gov/vuln/detail/CVE-2020-17030>)
[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>)
[CVE-2020-17057](<https://nvd.nist.gov/vuln/detail/CVE-2020-17057>)
[CVE-2020-17056](<https://nvd.nist.gov/vuln/detail/CVE-2020-17056>)
[CVE-2020-17055](<https://nvd.nist.gov/vuln/detail/CVE-2020-17055>)
[CVE-2020-17108](<https://nvd.nist.gov/vuln/detail/CVE-2020-17108>)
[CVE-2020-17070](<https://nvd.nist.gov/vuln/detail/CVE-2020-17070>)
[CVE-2020-17073](<https://nvd.nist.gov/vuln/detail/CVE-2020-17073>)
[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>)
[CVE-2020-17013](<https://nvd.nist.gov/vuln/detail/CVE-2020-17013>)
[CVE-2020-17074](<https://nvd.nist.gov/vuln/detail/CVE-2020-17074>)
[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>)
[CVE-2020-17010](<https://nvd.nist.gov/vuln/detail/CVE-2020-17010>)
[CVE-2020-17035](<https://nvd.nist.gov/vuln/detail/CVE-2020-17035>)
[CVE-2020-17078](<https://nvd.nist.gov/vuln/detail/CVE-2020-17078>)
[CVE-2020-17037](<https://nvd.nist.gov/vuln/detail/CVE-2020-17037>)
[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>)
[CVE-2020-17031](<https://nvd.nist.gov/vuln/detail/CVE-2020-17031>)
[CVE-2020-16998](<https://nvd.nist.gov/vuln/detail/CVE-2020-16998>)
[CVE-2020-17076](<https://nvd.nist.gov/vuln/detail/CVE-2020-17076>)
[CVE-2020-17032](<https://nvd.nist.gov/vuln/detail/CVE-2020-17032>)
[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>)
[CVE-2020-17071](<https://nvd.nist.gov/vuln/detail/CVE-2020-17071>)
[CVE-2020-17113](<https://nvd.nist.gov/vuln/detail/CVE-2020-17113>)
[CVE-2020-17077](<https://nvd.nist.gov/vuln/detail/CVE-2020-17077>)
[CVE-2020-17110](<https://nvd.nist.gov/vuln/detail/CVE-2020-17110>)
[CVE-2020-17107](<https://nvd.nist.gov/vuln/detail/CVE-2020-17107>)
[CVE-2020-17105](<https://nvd.nist.gov/vuln/detail/CVE-2020-17105>)
[CVE-2020-17079](<https://nvd.nist.gov/vuln/detail/CVE-2020-17079>)
[CVE-2020-17012](<https://nvd.nist.gov/vuln/detail/CVE-2020-17012>)
### *Impacts*:
ACE
### *Related products*:
[Microsoft Windows Server 2012](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/>)
### *CVE-IDS*:
[CVE-2020-17043](<https://vulners.com/cve/CVE-2020-17043>)6.8High
[CVE-2020-17069](<https://vulners.com/cve/CVE-2020-17069>)2.1Warning
[CVE-2020-17087](<https://vulners.com/cve/CVE-2020-17087>)7.2High
[CVE-2020-17088](<https://vulners.com/cve/CVE-2020-17088>)4.6Warning
[CVE-2020-17045](<https://vulners.com/cve/CVE-2020-17045>)4.9Warning
[CVE-2020-17047](<https://vulners.com/cve/CVE-2020-17047>)7.8Critical
[CVE-2020-17042](<https://vulners.com/cve/CVE-2020-17042>)9.3Critical
[CVE-2020-1599](<https://vulners.com/cve/CVE-2020-1599>)2.1Warning
[CVE-2020-17044](<https://vulners.com/cve/CVE-2020-17044>)6.8High
[CVE-2020-16997](<https://vulners.com/cve/CVE-2020-16997>)4.0Warning
[CVE-2020-17014](<https://vulners.com/cve/CVE-2020-17014>)6.6High
[CVE-2020-17038](<https://vulners.com/cve/CVE-2020-17038>)7.2High
[CVE-2020-17011](<https://vulners.com/cve/CVE-2020-17011>)7.2High
[CVE-2020-17029](<https://vulners.com/cve/CVE-2020-17029>)4.9Warning
[CVE-2020-17000](<https://vulners.com/cve/CVE-2020-17000>)2.1Warning
[CVE-2020-17001](<https://vulners.com/cve/CVE-2020-17001>)4.6Warning
[CVE-2020-17068](<https://vulners.com/cve/CVE-2020-17068>)7.2High
[CVE-2020-17036](<https://vulners.com/cve/CVE-2020-17036>)4.9Warning
[CVE-2020-17004](<https://vulners.com/cve/CVE-2020-17004>)2.1Warning
[CVE-2020-17081](<https://vulners.com/cve/CVE-2020-17081>)5.0Warning
[CVE-2020-17082](<https://vulners.com/cve/CVE-2020-17082>)7.5Critical
[CVE-2020-17075](<https://vulners.com/cve/CVE-2020-17075>)4.6Warning
[CVE-2020-17049](<https://vulners.com/cve/CVE-2020-17049>)9.0Critical
[CVE-2020-17086](<https://vulners.com/cve/CVE-2020-17086>)7.5Critical
[CVE-2020-17046](<https://vulners.com/cve/CVE-2020-17046>)4.9Warning
[CVE-2020-17040](<https://vulners.com/cve/CVE-2020-17040>)7.5Critical
[CVE-2020-17041](<https://vulners.com/cve/CVE-2020-17041>)7.2High
[CVE-2020-17101](<https://vulners.com/cve/CVE-2020-17101>)4.6Warning
[CVE-2020-17026](<https://vulners.com/cve/CVE-2020-17026>)4.6Warning
[CVE-2020-17102](<https://vulners.com/cve/CVE-2020-17102>)2.1Warning
[CVE-2020-17106](<https://vulners.com/cve/CVE-2020-17106>)9.3Critical
[CVE-2020-17028](<https://vulners.com/cve/CVE-2020-17028>)4.6Warning
[CVE-2020-17024](<https://vulners.com/cve/CVE-2020-17024>)7.2High
[CVE-2020-17025](<https://vulners.com/cve/CVE-2020-17025>)4.6Warning
[CVE-2020-17007](<https://vulners.com/cve/CVE-2020-17007>)4.6Warning
[CVE-2020-16999](<https://vulners.com/cve/CVE-2020-16999>)2.1Warning
[CVE-2020-17034](<https://vulners.com/cve/CVE-2020-17034>)4.6Warning
[CVE-2020-17109](<https://vulners.com/cve/CVE-2020-17109>)9.3Critical
[CVE-2020-17033](<https://vulners.com/cve/CVE-2020-17033>)4.6Warning
[CVE-2020-17090](<https://vulners.com/cve/CVE-2020-17090>)7.5Critical
[CVE-2020-17027](<https://vulners.com/cve/CVE-2020-17027>)4.6Warning
[CVE-2020-17030](<https://vulners.com/cve/CVE-2020-17030>)4.9Warning
[CVE-2020-17057](<https://vulners.com/cve/CVE-2020-17057>)7.2High
[CVE-2020-17056](<https://vulners.com/cve/CVE-2020-17056>)2.1Warning
[CVE-2020-17055](<https://vulners.com/cve/CVE-2020-17055>)6.8High
[CVE-2020-17108](<https://vulners.com/cve/CVE-2020-17108>)9.3Critical
[CVE-2020-17070](<https://vulners.com/cve/CVE-2020-17070>)7.2High
[CVE-2020-17073](<https://vulners.com/cve/CVE-2020-17073>)4.6Warning
[CVE-2020-17013](<https://vulners.com/cve/CVE-2020-17013>)2.1Warning
[CVE-2020-17074](<https://vulners.com/cve/CVE-2020-17074>)7.2High
[CVE-2020-17010](<https://vulners.com/cve/CVE-2020-17010>)7.2High
[CVE-2020-17035](<https://vulners.com/cve/CVE-2020-17035>)7.2High
[CVE-2020-17078](<https://vulners.com/cve/CVE-2020-17078>)7.5Critical
[CVE-2020-17037](<https://vulners.com/cve/CVE-2020-17037>)7.2High
[CVE-2020-17031](<https://vulners.com/cve/CVE-2020-17031>)4.6Warning
[CVE-2020-16998](<https://vulners.com/cve/CVE-2020-16998>)4.6Warning
[CVE-2020-17076](<https://vulners.com/cve/CVE-2020-17076>)7.2High
[CVE-2020-17032](<https://vulners.com/cve/CVE-2020-17032>)4.6Warning
[CVE-2020-17071](<https://vulners.com/cve/CVE-2020-17071>)2.1Warning
[CVE-2020-17113](<https://vulners.com/cve/CVE-2020-17113>)2.1Warning
[CVE-2020-17077](<https://vulners.com/cve/CVE-2020-17077>)7.2High
[CVE-2020-17110](<https://vulners.com/cve/CVE-2020-17110>)9.3Critical
[CVE-2020-17107](<https://vulners.com/cve/CVE-2020-17107>)9.3Critical
[CVE-2020-17079](<https://vulners.com/cve/CVE-2020-17079>)7.5Critical
[CVE-2020-17012](<https://vulners.com/cve/CVE-2020-17012>)4.6Warning
### *KB list*:
[4586785](<http://support.microsoft.com/kb/4586785>)
[4586793](<http://support.microsoft.com/kb/4586793>)
[4586787](<http://support.microsoft.com/kb/4586787>)
[4586786](<http://support.microsoft.com/kb/4586786>)
[4586781](<http://support.microsoft.com/kb/4586781>)
[4586834](<http://support.microsoft.com/kb/4586834>)
[4586830](<http://support.microsoft.com/kb/4586830>)
[4586845](<http://support.microsoft.com/kb/4586845>)
[4586808](<http://support.microsoft.com/kb/4586808>)
[4586823](<http://support.microsoft.com/kb/4586823>)
[4592449](<http://support.microsoft.com/kb/4592449>)
[4598278](<http://support.microsoft.com/kb/4598278>)
[4598297](<http://support.microsoft.com/kb/4598297>)
[5001337](<http://support.microsoft.com/kb/5001337>)
[5004238](<http://support.microsoft.com/kb/5004238>)
[5004302](<http://support.microsoft.com/kb/5004302>)
[5004294](<http://support.microsoft.com/kb/5004294>)
[5004237](<http://support.microsoft.com/kb/5004237>)
[5004244](<http://support.microsoft.com/kb/5004244>)
[5004298](<http://support.microsoft.com/kb/5004298>)
[5004285](<http://support.microsoft.com/kb/5004285>)
### *Microsoft official advisories*:
{"mskb": [{"lastseen": "2023-11-28T09:47:04", "description": "None\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594439. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586823>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586823](<https://download.microsoft.com/download/f/a/9/fa9ab938-dc38-44c6-84de-f5a964c3d8b2/4586823.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586823 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586823", "href": "https://support.microsoft.com/en-us/help/4586823", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:02", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1577) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n## Highlights\n\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when Windows performs basic operations.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, Microsoft Graphics Component, Windows Input and Composition, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app > **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594442. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4587735) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586793>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586793](<https://download.microsoft.com/download/a/e/e/aeef4e7a-b08d-4da9-b19f-62054aca9811/4586793.csv>).**Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586793 (OS Build 17763.1577) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586793", "href": "https://support.microsoft.com/en-us/help/4586793", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:46:49", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1803 update history home page.\n\n## Highlights\n\n * Updates an issue that might prevent Microsoft Edge from opening or might prevent you from browsing in certain circumstances.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using external devices (such as game controllers, printers, and web cameras).\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.\n * Allows you to restrict the JScript Scripting Engine to a process.\n * Addresses an issue that might prevent Microsoft Edge from opening or might prevent you from browsing in certain circumstances.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, Microsoft Graphics Component, Windows Input and Composition, Windows Wallet Service, Windows Fundamentals, Windows Kernel, and Windows Peripherals.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4580398) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586785>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586785](<https://download.microsoft.com/download/0/1/f/01fbfca7-591c-488e-91ef-98335088cf32/4586785.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586785 (OS Build 17134.1845) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586785", "href": "https://support.microsoft.com/en-us/help/4586785", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:02", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1903 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when Windows performs basic operations.\n\n## Improvements and fixes\n\n## \n\n__\n\nWindows 10, version 1909\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 1903.\n * No additional issues were documented for this release.\n\n## \n\n__\n\nWindows 10, version 1903\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18362.1085) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses an issue with the package frame launcher (PSF) that passes a malformed parameter to a shim.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, Windows Input and Composition, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nSystem and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.**Note **Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.| This issue is resolved in KB4592449. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the Windows release health page for [Windows Server, version 1909](<https://docs.microsoft.com/windows/release-information/status-windows-10-1909#1522msgdesc>) or [Windows Server, version 1903](<https://docs.microsoft.com/windows/release-information/status-windows-10-1903#1522msgdesc>). **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594443. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4586863) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586786>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586786](<https://download.microsoft.com/download/b/f/d/bfd14412-228d-4d32-9445-baa32275c0d5/4586786.csv>). **Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586786 (OS Builds 18362.1198 and 18363.1198) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586786", "href": "https://support.microsoft.com/en-us/help/4586786", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:46:49", "description": "None\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 2004 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when Windows performs basic operations.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n\n## Improvements and fixes\n\n## \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n## \n\n__\n\nWindows 10, version 2004\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 19041.1128) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nUsers of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.| All IME issues listed in KB4564002 were resolved in KB4586853. \nSystem and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.**Note **Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.| This issue is resolved in KB4592438. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the Windows release health page for [Windows Server, version 20H2](<https://docs.microsoft.com/windows/release-information/status-windows-10-20h2#1522msgdesc>) or [Windows Server, version 2004](<https://docs.microsoft.com/windows/release-information/status-windows-10-2004#1522msgdesc>) . **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594440. \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note** The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4586864) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586781>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586781](<https://download.microsoft.com/download/9/0/c/90c20c3f-2cae-4cbb-93ab-ef00942e46d2/4586781.csv>). **Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586781 (OS Builds 19041.630 and 19042.630)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586781", "href": "https://support.microsoft.com/en-us/help/4586781", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:04", "description": "None\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-server-2012#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594438. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586808>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586808](<https://download.microsoft.com/download/7/6/6/766e60b6-effb-432b-93ef-d280852cafe1/4586808.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586808 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586808", "href": "https://support.microsoft.com/en-us/help/4586808", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:05", "description": "None\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580347](<https://support.microsoft.com/help/4580347>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Allows administrators to enable \"Save target as\" through Group Policy for users in Microsoft Edge IE mode.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, Windows Remote Desktop, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in [KB4594439](<https://support.microsoft.com/help/4594439>). \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586845>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586845](<https://download.microsoft.com/download/3/9/b/39bf949e-bdf1-45bd-aa1d-0a7568d0e3f2/4586845.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586845 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586845", "href": "https://support.microsoft.com/en-us/help/4586845", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:02", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update**\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\n\n**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU. To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \n**Important** For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates. \n\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the _latest_ SSU ([KB4580970](<https://support.microsoft.com/help/4580970>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586805>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586805](<https://download.microsoft.com/download/3/9/e/39e80bdf-ce89-4ee2-b663-0b6fc620975c/4586805.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586805 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586805", "href": "https://support.microsoft.com/en-us/help/4586805", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:04", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1607 update history home page.\n\n## Highlights\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when Windows performs basic operations.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.\n * Allows you to restrict the JScript Scripting Engine to a process.\n * Address an issue that causes an application to stop working if the app uses a hook.\n * Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, \u201cMMC cannot initialize the snap-in.\u201d\n * Addresses an issue with devices on which Credential Guard is enabled; if these devices use a Machine Bound certificate, authentication requests might fail. This occurs because Windows 2016 and Windows 2019 domain controllers add duplicate KeyID values to the **msDS-KeyCredentialLink** attribute of these devices.\n * Addresses an issue that might cause stop error 7E in **nfssvr.sys** on servers running the Network File System (NFS) service.\n * Addresses an issue with Remote Desktop Session Host (RDSH) connection brokers that prevents users from connecting to a Remote Desktop in collections. This issue occurs because of an access violation in **tssdis.exe**.\n * Addresses an issue that causes the Windows Management Instrumentation (WMI) Provider Host (**WmiPrvSE.exe**) to leak registry key handles when querying **Win32_RDCentralPublishedDeploymentSettings**.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.\n * Addresses an issue with incorrect Canonical Display Driver (CDD) buffer flushing, which degrades performance in Remote Desktop Protocol (RDP) Windows 2000 Display Driver Model (XDDM) scenarios. This issue affects applications that use graphics processing units (GPU) to operate, such as Microsoft Teams, Microsoft Office, and web browsers.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Addresses an issue with remote procedure call (RPC) runtime that might cause memory to leak. As a result, performance degrades, which causes high CPU usage, slowness, or resource depletion.\n * Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, the Windows Kernel, and Windows Virtualization.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4467684, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.| Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.Microsoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594441. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4576750) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586830>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586830](<https://download.microsoft.com/download/4/5/a/45ab9419-b92c-4a5f-812a-a9bcbff58398/4586830.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586830 (OS Build 14393.4046) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586830", "href": "https://support.microsoft.com/en-us/help/4586830", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:04", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580345](<https://support.microsoft.com/help/4580345>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege. \n * Perform the operation from a node that doesn\u2019t have CSV ownership. \nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU. To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \n**Important** For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates. \n\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the _latest_ SSU ([KB4580970](<https://support.microsoft.com/help/4580970>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoftt.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586827>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586827](<https://download.microsoft.com/download/e/3/3/e339b2b6-097b-4d12-9dc9-b66926a2b792/4586827.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586827 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586827", "href": "https://support.microsoft.com/en-us/help/4586827", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:02", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.\n * Allows you to restrict the JScript Scripting Engine to a process.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, the Windows Wallet Service, Windows Cryptography, and Windows Fundamentals.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4565911) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586787>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586787](<https://download.microsoft.com/download/0/5/b/05be12e5-b9c4-4631-8dd4-704f1a914270/4586787.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586787 (OS Build 10240.18756) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2020-12-20T00:00:00", "id": "KB4586787", "href": "https://support.microsoft.com/en-us/help/4586787", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:04", "description": "None\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580382](<https://support.microsoft.com/help/4580382>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-server-2012#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594438. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586834>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586834](<https://download.microsoft.com/download/3/7/5/37555c0d-b338-4516-8c2d-e3cab16c2829/4586834.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586834 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586834", "href": "https://support.microsoft.com/en-us/help/4586834", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:04", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, and Windows Hybrid Storage Services.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The August 11, 2020 SSU ([KB4572374](<https://support.microsoft.com/help/4572374>)) or later. To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\n 4. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) released February 11, 2020. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the _latest_ SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586817>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586817](<https://download.microsoft.com/download/9/1/4/9143faf7-d55c-40e0-9dfd-f0cd6e37f7d8/4586817.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586817 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17036", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17045", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586817", "href": "https://support.microsoft.com/en-us/help/4586817", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:47:03", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580378](<https://support.microsoft.com/help/4580378>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, and Windows Hybrid Storage Services.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The August 11, 2020 SSU ([KB4572374](<https://support.microsoft.com/help/4572374>)) or later. To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\n 4. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) released February 11, 2020. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the _latest _SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586807>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586807](<https://download.microsoft.com/download/8/8/2/882a5b05-00ee-4d46-ad36-5db4a9b321dd/4586807.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-20T00:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586807 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17036", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17045", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2020-12-20T00:00:00", "id": "KB4586807", "href": "https://support.microsoft.com/en-us/help/4586807", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-06-28T14:37:33", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586793.NASL", "href": "https://www.tenable.com/plugins/nessus/142693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142693);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\"\n );\n script_xref(name:\"MSKB\", value:\"4586793\");\n script_xref(name:\"MSFT\", value:\"MS20-4586793\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586793/windows-10-update-kb4586793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92d059c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586793.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:36:05", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586786.NASL", "href": "https://www.tenable.com/plugins/nessus/142680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142680);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17010\",\n \"CVE-2020-17011\",\n \"CVE-2020-17012\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17073\",\n \"CVE-2020-17074\",\n \"CVE-2020-17075\",\n \"CVE-2020-17076\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586786\");\n script_xref(name:\"MSFT\", value:\"MS20-4586786\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586786/windows-10-update-kb4586786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7e34577\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586786.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586786');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586786])\n || \n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586786])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:22:11", "description": "The Microsoft 4586785 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Update Medic Service Elevation of Privilege Vulnerability (CVE-2020-17070)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Update Stack Elevation of Privilege Vulnerability (CVE-2020-17077)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Microsoft Defender for Endpoint Security Feature Bypass Vulnerability (CVE-2020-17090)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Bind Filter Driver Elevation of Privilege Vulnerability (CVE-2020-17012)\n\n - Win32k Information Disclosure Vulnerability (CVE-2020-17013)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows MSCTF Server Information Disclosure Vulnerability (CVE-2020-17030)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586785: Windows 10 Version 1803 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586785.NASL", "href": "https://www.tenable.com/plugins/nessus/142682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142682);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17012\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586785\");\n script_xref(name:\"MSFT\", value:\"MS20-4586785\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586785: Windows 10 Version 1803 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft 4586785 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Update Medic Service Elevation of Privilege Vulnerability (CVE-2020-17070)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Update Stack Elevation of Privilege Vulnerability (CVE-2020-17077)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Microsoft Defender for Endpoint Security Feature Bypass Vulnerability (CVE-2020-17090)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Bind Filter Driver Elevation of Privilege Vulnerability (CVE-2020-17012)\n\n - Win32k Information Disclosure Vulnerability (CVE-2020-17013)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows MSCTF Server Information Disclosure Vulnerability (CVE-2020-17030)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.microsoft.com/en-us/help/4586785/windows-10-update-kb4586785\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7865164\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586785.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586785');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586785])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:36:06", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586781: Windows 10 Version 2004 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586781.NASL", "href": "https://www.tenable.com/plugins/nessus/142684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142684);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17010\",\n \"CVE-2020-17011\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17073\",\n \"CVE-2020-17074\",\n \"CVE-2020-17075\",\n \"CVE-2020-17076\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586781\");\n script_xref(name:\"MSFT\", value:\"MS20-4586781\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586781: Windows 10 Version 2004 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586781/windows-10-update-kb4586781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bdf4d2e0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586781])\n||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19042\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:37:33", "description": "The Microsoft 4586787 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586787: Windows 10 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586787.NASL", "href": "https://www.tenable.com/plugins/nessus/142681", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142681);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17052\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586787\");\n script_xref(name:\"MSFT\", value:\"MS20-4586787\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586787: Windows 10 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft 4586787 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.microsoft.com/en-us/help/4586787/windows-10-update-kb4586787\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05343312\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586787.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17040\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586787');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586787])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:36:06", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586845.NASL", "href": "https://www.tenable.com/plugins/nessus/142686", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142686);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586823\");\n script_xref(name:\"MSKB\", value:\"4586845\");\n script_xref(name:\"MSFT\", value:\"MS20-4586823\");\n script_xref(name:\"MSFT\", value:\"MS20-4586845\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586823/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586845/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586823 or Cumulative Update KB4586845.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586823', '4586845');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586823, 4586845])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:37:31", "description": "The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586830.NASL", "href": "https://www.tenable.com/plugins/nessus/142690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142690);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586830\");\n script_xref(name:\"MSFT\", value:\"MS20-4586830\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.microsoft.com/en-us/help/4586830/windows-10-update-kb4586830\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8c32243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586830.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586830');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586830])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:18", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586808: Windows Server 2012 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586834.NASL", "href": "https://www.tenable.com/plugins/nessus/142687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142687);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17029\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586808\");\n script_xref(name:\"MSKB\", value:\"4586834\");\n script_xref(name:\"MSFT\", value:\"MS20-4586808\");\n script_xref(name:\"MSFT\", value:\"MS20-4586834\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n\n script_name(english:\"KB4586808: Windows Server 2012 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586808/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0d6d9b2\");\n # https://support.microsoft.com/en-us/help/4586834/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82b0555c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586808 or Cumulative Update KB4586834.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586808', '4586834');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586808, 4586834])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:22:19", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586827.NASL", "href": "https://www.tenable.com/plugins/nessus/142683", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142683);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17029\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586827\");\n script_xref(name:\"MSKB\", value:\"4586805\");\n script_xref(name:\"MSFT\", value:\"MS20-4586827\");\n script_xref(name:\"MSFT\", value:\"MS20-4586805\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586827/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586805/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586805 or Cumulative Update KB4586827.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586827', '4586805');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586827, 4586805])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:37:32", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586817: Windows Server 2008 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17036", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17045", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586817.NASL", "href": "https://www.tenable.com/plugins/nessus/142679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142679);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17036\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17045\",\n \"CVE-2020-17051\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586817\");\n script_xref(name:\"MSKB\", value:\"4586807\");\n script_xref(name:\"MSFT\", value:\"MS20-4586817\");\n script_xref(name:\"MSFT\", value:\"MS20-4586807\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586817: Windows Server 2008 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586817/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b35330\");\n # https://support.microsoft.com/en-us/help/4586807/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a85048a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586817 or Cumulative Update KB4586807.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586817', '4586807');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586817, 4586807])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-06T17:40:52", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>) \n[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>) \n[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>) \n[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>) \n[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>) \n[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>) \n[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>) \n[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>) \n[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>) \n[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>) \n[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>) \n[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>) \n[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>) \n[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>) \n[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>) \n[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>) \n[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>) \n[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>) \n[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>) \n[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>) \n[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-17043](<https://vulners.com/cve/CVE-2020-17043>)6.8High \n[CVE-2020-17069](<https://vulners.com/cve/CVE-2020-17069>)2.1Warning \n[CVE-2020-17087](<https://vulners.com/cve/CVE-2020-17087>)7.2High \n[CVE-2020-17088](<https://vulners.com/cve/CVE-2020-17088>)4.6Warning \n[CVE-2020-17045](<https://vulners.com/cve/CVE-2020-17045>)4.9Warning \n[CVE-2020-17047](<https://vulners.com/cve/CVE-2020-17047>)7.8Critical \n[CVE-2020-17042](<https://vulners.com/cve/CVE-2020-17042>)9.3Critical \n[CVE-2020-1599](<https://vulners.com/cve/CVE-2020-1599>)2.1Warning \n[CVE-2020-17044](<https://vulners.com/cve/CVE-2020-17044>)6.8High \n[CVE-2020-16997](<https://vulners.com/cve/CVE-2020-16997>)4.0Warning \n[CVE-2020-17014](<https://vulners.com/cve/CVE-2020-17014>)6.6High \n[CVE-2020-17038](<https://vulners.com/cve/CVE-2020-17038>)7.2High \n[CVE-2020-17011](<https://vulners.com/cve/CVE-2020-17011>)7.2High \n[CVE-2020-17029](<https://vulners.com/cve/CVE-2020-17029>)4.9Warning \n[CVE-2020-17000](<https://vulners.com/cve/CVE-2020-17000>)2.1Warning \n[CVE-2020-17001](<https://vulners.com/cve/CVE-2020-17001>)4.6Warning \n[CVE-2020-17068](<https://vulners.com/cve/CVE-2020-17068>)7.2High \n[CVE-2020-17036](<https://vulners.com/cve/CVE-2020-17036>)4.9Warning \n[CVE-2020-17004](<https://vulners.com/cve/CVE-2020-17004>)2.1Warning \n[CVE-2020-17049](<https://vulners.com/cve/CVE-2020-17049>)9.0Critical\n\n### *KB list*:\n[4586827](<http://support.microsoft.com/kb/4586827>) \n[4586817](<http://support.microsoft.com/kb/4586817>) \n[4586805](<http://support.microsoft.com/kb/4586805>) \n[4586807](<http://support.microsoft.com/kb/4586807>) \n[5004289](<http://support.microsoft.com/kb/5004289>) \n[5004307](<http://support.microsoft.com/kb/5004307>) \n[5004299](<http://support.microsoft.com/kb/5004299>) \n[5004305](<http://support.microsoft.com/kb/5004305>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2023-09-28T00:00:00", "id": "KLA12003", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12003/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-12-06T15:37:03", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17044", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17044", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17044", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:07", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17055", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17055", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:59", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17033", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17033", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17033", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:58", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17025", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17025", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17025", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:58", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17028", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17028", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:58", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17031", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17031", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:04", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17043", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17043", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:57", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17027", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17027", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17027", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:57", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17026", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17026", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:00", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17032", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17032", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:58", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17034", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17034", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:24", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17108", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:52:00", "cpe": [], "id": "CVE-2020-17108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17108", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:25", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17110", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:40:00", "cpe": [], "id": "CVE-2020-17110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17110", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:25", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17109", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:50:00", "cpe": [], "id": "CVE-2020-17109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17109", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:25", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17106", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T21:04:00", "cpe": [], "id": "CVE-2020-17106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17106", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:24", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17107", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:57:00", "cpe": [], "id": "CVE-2020-17107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17107", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:16", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17082", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17082", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17082", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:14", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17079", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:14", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17078", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17078", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:17", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17086", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:13", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17074, CVE-2020-17076.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17073", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17073", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17073", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:13", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17074.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17076", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17076", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:13", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17076.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17074", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17074", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:51", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17010", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17010", "CVE-2020-17038"], "modified": "2022-04-26T16:33:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17010", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:47", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17001", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17001", "CVE-2020-17014"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:sp1", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17001", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17001", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:51", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17014", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17001", "CVE-2020-17014"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:sp1", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17014", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17014", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:00", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17038", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17010", "CVE-2020-17038"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17038", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17038", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:46", "description": "DirectX Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-16998", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16998"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-16998", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16998", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:49", "description": "Windows Graphics Component Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17004", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17004"], "modified": "2020-11-18T17:14:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:sp1", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17004", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:12", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17070", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17070"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17070", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:03", "description": "Windows Network File System Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17047", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17047"], "modified": "2020-11-19T17:50:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17047", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:59", "description": "Windows Kernel Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17035", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17035"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17035", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17035", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:14", "description": "Windows Update Stack Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17077", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17077"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17077", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:12", "description": "Windows Delivery Optimization Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17071", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17071"], "modified": "2020-11-16T17:33:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17071", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17071", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:59", "description": "Windows Function Discovery SSDP Provider Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17036", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17036"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17036", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17036", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:58", "description": "Windows MSCTF Server Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17030", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17030"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17030", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17030", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:00", "description": "Windows WalletService Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17037", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17037"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17037", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17037", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:22", "description": "WebP Image Extensions Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17102", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17102"], "modified": "2020-12-01T19:48:00", "cpe": [], "id": "CVE-2020-17102", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17102", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:05", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17051", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-23T13:57:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:*"], "id": "CVE-2020-17051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:57", "description": "Windows Canonical Display Driver Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17029", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17029"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17029", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:24", "description": "AV1 Video Extension Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17105", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17105"], "modified": "2020-11-24T20:10:00", "cpe": ["cpe:/a:microsoft:av1_video_extension:-"], "id": "CVE-2020-17105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17105", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:av1_video_extension:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:11", "description": "Windows NDIS Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17069", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17069"], "modified": "2020-11-16T18:14:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17069", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:15", "description": "Microsoft Raw Image Extension Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17081", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17081"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-12-06T15:37:04", "description": "Windows Error Reporting Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17046", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17046"], "modified": "2020-11-19T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17046", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17046", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:26", "description": "Windows Camera Codec Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17113", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17113"], "modified": "2020-11-24T20:05:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17113", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:36:47", "description": "Windows WalletService Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-16999", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16999"], "modified": "2020-11-18T16:09:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-16999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16999", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:10", "description": "Windows GDI+ Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17068", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17068"], "modified": "2020-11-23T20:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17068", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:02", "description": "Windows Print Configuration Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17041", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17041"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:*"], "id": "CVE-2020-17041", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17041", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T15:37:19", "description": "Microsoft Defender for Endpoint Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17090", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17090"], "modified": "2020-12-01T19:34:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:2004"], "id": "CVE-2020-17090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}], "prion": [{"lastseen": "2023-11-22T01:24:28", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17034", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17034", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17026", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17026", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:31", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17044", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17044", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:28", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17027", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17027", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17032", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17032", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17043", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17043", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:28", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17031", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17031", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17033", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17033", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:32", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17055", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17055", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:27", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17028", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17028", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:28", "description": "Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17055"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17025", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17025", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:38", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T21:04:00", "id": "PRION:CVE-2020-17106", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17106", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:38", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:52:00", "id": "PRION:CVE-2020-17108", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17108", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:38", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:40:00", "id": "PRION:CVE-2020-17110", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17110", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:38", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:50:00", "id": "PRION:CVE-2020-17109", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17109", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:39", "description": "HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110"], "modified": "2020-11-19T20:57:00", "id": "PRION:CVE-2020-17107", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17107", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:34", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "id": "PRION:CVE-2020-17082", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17082", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:34", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "id": "PRION:CVE-2020-17079", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:35", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "id": "PRION:CVE-2020-17078", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17078", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:36", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "id": "PRION:CVE-2020-17086", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:34", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17076.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17074", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17074", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:33", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17074, CVE-2020-17076.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17073", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17073", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:35", "description": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17074.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17076"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17076", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17076", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17010", "CVE-2020-17038"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17038", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17038", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:26", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17010", "CVE-2020-17038"], "modified": "2022-04-26T16:33:00", "id": "PRION:CVE-2020-17010", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17010", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:27", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17001", "CVE-2020-17014"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17014", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17014", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:24", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17001", "CVE-2020-17014"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17001", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17001", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:35", "description": "Windows Update Stack Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17077"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17077", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17077", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:35", "description": "Microsoft Raw Image Extension Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17081"], "modified": "2020-11-17T21:47:00", "id": "PRION:CVE-2020-17081", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:23", "description": "DirectX Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16998"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-16998", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-16998", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:28", "description": "Windows MSCTF Server Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17030"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17030", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17030", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows WalletService Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17037"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17037", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17037", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Windows Function Discovery SSDP Provider Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17036"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17036", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17036", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows Network File System Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17047"], "modified": "2020-11-19T17:50:00", "id": "PRION:CVE-2020-17047", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17047", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Windows Kernel Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17035"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17035", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17035", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-23T13:57:00", "id": "PRION:CVE-2020-17051", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:37", "description": "AV1 Video Extension Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17105"], "modified": "2020-11-24T20:10:00", "id": "PRION:CVE-2020-17105", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17105", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:33", "description": "Windows GDI+ Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17068"], "modified": "2020-11-23T20:32:00", "id": "PRION:CVE-2020-17068", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17068", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:33", "description": "Windows Delivery Optimization Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17071"], "modified": "2020-11-16T17:33:00", "id": "PRION:CVE-2020-17071", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17071", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:37", "description": "WebP Image Extensions Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17102"], "modified": "2020-12-01T19:48:00", "id": "PRION:CVE-2020-17102", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17102", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:29", "description": "Windows Canonical Display Driver Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17029"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17029", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17029", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:30", "description": "Windows Hyper-V Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Security feature bypass", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17040"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17040", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:34", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17070"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17070", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17070", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:37", "description": "Microsoft Defender for Endpoint Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Security feature bypass", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17090"], "modified": "2020-12-01T19:34:00", "id": "PRION:CVE-2020-17090", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:24:38", "description": "Windows Camera Codec Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17113"], "modified": "2020-11-24T20:05:00", "id": "PRION:CVE-2020-17113", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17113", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:31", "description": "Windows Error Reporting Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17046"], "modified": "2020-11-19T17:37:00", "id": "PRION:CVE-2020-17046", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17046", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T01:24:25", "description": "Windows WalletService Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16999"], "modified": "2020-11-18T16:09:00", "id": "PRION:CVE-2020-16999", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-16999", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:25", "description": "Windows Graphics Component Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17004"], "modified": "2020-11-18T17:14:00", "id": "PRION:CVE-2020-17004", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17004", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:26", "description": "Win32k Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17013"], "modified": "2020-11-18T16:09:00", "id": "PRION:CVE-2020-17013", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17013", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:24:32", "description": "Kerberos Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Security feature bypass", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2023-09-17T09:15:00", "id": "PRION:CVE-2020-17049", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17049", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:24:35", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17088"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-17088", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-17088", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2020-11-11T23:31:55", "description": "Microsoft\u2019s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft\u2019s 17 critical patches were tied to RCE bugs. In all, [112 vulnerabilities were patched by Microsoft](<https://msrc.microsoft.com/update-guide/>), with 93 rated important, and two rated low in severity.\n\nTracked as [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was [disclosed by Google Project Zero](<https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/>), which reported the flaw was being exploited in the wild alongside a Google Chrome flaw (CVE-2020-15999) \u2013 which had been patched on Oct. 20. \n[](<https://threatpost.com/newsletter-sign/>) \nMicrosoft rated the vulnerability (CVE-2020-17087) as important in severity, likely because an attacker interested in exploiting the bug would need to have physical access to the various installs of Windows Server, Windows 10/RT/8.1/7 impacted by the flaw. [According to Google](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), the bug has to do with the way the Windows Kernel Cryptography Driver (cng.sys) processes input/output control (IOCTL) in a way that cannot be expressed by regular system calls.\n\n## **Most Severe**\n\n\u201cOne of the most critical vulnerabilities patched this Tuesday is CVE-2020-17051, a remote code execution (RCE) vulnerability found in Windows\u2019 Network File System (NFS),\u201d wrote Chris Hass, director of information security and research at Automox, in his Patch Tuesday analysis.\n\nHe explained, the bug is particularly concerning \u201cbecause Windows\u2019 NFS is essentially a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.\u201d\n\n\u201cAs you can imagine, with the functionality this service provides, attackers have been taking advantage of it to gain access to critical systems for a long time. It won\u2019t be long before we see scanning of port 2049 increase over the next few days, with exploitation in the wild likely to follow,\u201d he wrote.\n\nAutomox researchers also suggested SysAdmins prioritize patches for a pair of critical memory corruption vulnerabilities in Microsoft\u2019s Scripting Engine and Internet Explorer. Both (CVE-2020-17052, CVE-2020-17053) could lead to remote code execution.\n\n\u201cA likely attack scenario would be to embed a malicious link in a phishing email that the victim would click to lead to a compromised landing page hosting the exploit,\u201d Hass wrote.\n\n## **Descriptions Removed from Patch Tuesday Bulletin**\n\nFor many Patch-Tuesday veterans, it won\u2019t go unnoticed that starting with November\u2019s bulletin Microsoft removed the description section of the CVE overviews. The new approach was announced on Monday by the [Microsoft Security Response Center](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>). It describes a heavier reliance on the industry standard Common Vulnerability Scoring System (CVSS) to provide more generalized vulnerability information for Patch Tuesday security bulletins.\n\n\u201cThis is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.,\u201d [Microsoft wrote](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nFor Zero Day Initiative\u2019s Dustin Childs, the new approach makes sense. He said, in many cases, \u201can accurate CVSS is really all you need. After all, there\u2019s only so much you can say about another SharePoint cross-site scripting (XSS) bug or a local privilege escalation that requires you to log on and run a specially crafted program. However, CVSS itself is not flawless.\u201d\n\nTenable\u2019s chief security officer, Bob Huber wasn\u2019t as generous. \u201d\n\n\u201cMicrosoft\u2019s decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organizations of the business risk a particular flaw poses to them,\u201d he wrote.\n\nHe argued that the new format was a blow to security and boon to adversaries. \u201cEnd-users [will be] completely blind to how a particular CVE impacts them. What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users.\u201d\n\nHuber added: \u201cHowever, it\u2019s not too difficult to see how this new format benefits bad actors. They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts.\u201d\n\n[](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar>)\n\n**Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**\n", "cvss3": {}, "published": "2020-11-10T21:12:21", "type": "threatpost", "title": "Microsoft Patch Tuesday Update Fixes 17 Critical Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17078", "CVE-2020-17087"], "modified": "2020-11-10T21:12:21", "id": "THREATPOST:D48D061BB27415A9A171838BA457EB0E", "href": "https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "mscve": [{"lastseen": "2023-12-06T17:04:53", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17086"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17086", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:04", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "WebP Image Extensions Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17102"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17102", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17102", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Update Medic Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17070"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17070", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17070", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17038"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17038", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17038", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17108"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17108", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17108", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17035"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17035", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17035", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Update Stack Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17077"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17077", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17077", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17076"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17076", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17076", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17073"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17073", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17073", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:58", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows MSCTF Server Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17030"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17030", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17030", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17110"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17110", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17110", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:04", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "AV1 Video Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17105"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17105", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17105", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17079"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17079", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Delivery Optimization Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17071"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17071", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17071", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Function Discovery SSDP Provider Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17036"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17036", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17036", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17109"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17109", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17109", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows GDI+ Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17068"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17068", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17068", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17106"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17106", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17106", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17107"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17107", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17107", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Update Orchestrator Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17074"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17074", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17074", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows WalletService Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17037"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17037", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17037", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17078", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17078", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:58", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Canonical Display Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17029"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17029", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17029", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-12-06T17:05:08", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "DirectX Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16998"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-16998", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16998", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:54", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Microsoft Raw Image Extension Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17081"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17081", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Hyper-V Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17040"], "modified": "2020-11-11T08:00:00", "id": "MS:CVE-2020-17040", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:03", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Camera Codec Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17113"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17113", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17113", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:04:56", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Error Reporting Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17046"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17046", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17046", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T17:05:07", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows WalletService Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16999"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-16999", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16999", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:04:58", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17032"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17032", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17032", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:58", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17028"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17028", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17028", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17057"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17057", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17057", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T17:04:56", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Network File System Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17047"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17047", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17047", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T17:05:07", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17004"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17004", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17004", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:04:56", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17043"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17043", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17043", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:57", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17034"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17034", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17034", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:59", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17025"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17025", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17025", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:06", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows NDIS Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17069"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17069", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17069", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Microsoft Defender for Endpoint Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17090"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17090", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:05:05", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17088"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17088", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17088", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:04:56", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-16T08:00:00", "id": "MS:CVE-2020-17051", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:46", "description": "[](<https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s0/microsoft-windows-patch-update.jpg>)\n\nMicrosoft formally released fixes for 112 newly discovered security vulnerabilities as part of its [November 2020 Patch Tuesday](<https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov>), including an actively exploited zero-day flaw disclosed by Google's security team last week.\n\nThe rollout addresses flaws, 17 of which are rated as Critical, 93 are rated as Important, and two are rated Low in severity, once again bringing the patch count over 110 after a drop last month.\n\nThe security updates encompass a range of software, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer, Edge, ChakraCore, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.\n\nChief among those fixed is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>) (CVSS score 7.8), a buffer overflow flaw in Windows Kernel Cryptography Driver (\"cng.sys\") that was [disclosed on October 30](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>) by the Google Project Zero team as being used in conjunction with a Chrome zero-day to compromise Windows 7 and Windows 10 users.\n\nFor its part, Google released an update for its Chrome browser to address the zero-day (CVE-2020-15999) last month.\n\nMicrosoft's advisory about the flaw doesn't go into any details beyond the fact that it was a \"Windows Kernel Local Elevation of Privilege Vulnerability\" in part to [restructure security advisories](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>) in line with the Common Vulnerability Scoring System (CVSS) format starting this month.\n\nOutside of the zero-day, the update fixes a number of remote code execution (RCE) vulnerabilities impacting Exchange Server ([CVE-2020-17084](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084>)), Network File System ([CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>)), and Microsoft Teams ([CVE-2020-17091](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17091>)), as well as a security bypass flaw in Windows Hyper-V virtualization software ([CVE-2020-17040](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040>)).\n\nCVE-2020-17051 is rated 9.8 out of a maximum 10 on the CVSS score, making it a critical vulnerability. Microsoft, however, noted that the attack complexity of the flaw \u2014 the conditions beyond the attacker's control that must exist in order to exploit the vulnerability \u2014 is low.\n\nAs with the zero-day, the advisories associated with these security shortcomings are light on descriptions, with little to no information on how these RCE flaws are abused or which security feature in Hyper-V is being bypassed.\n\nOther critical flaws fixed by Microsoft this month include memory corruption vulnerabilities in Microsoft Scripting Engine (CVE-2020-17052) and Internet Explorer (CVE-2020-17053), and multiple RCE flaws in HEVC Video Extensions Codecs library.\n\nIt's highly recommended that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T10:09:00", "type": "thn", "title": "Microsoft Releases Windows Security Updates For Critical Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-17040", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091"], "modified": "2020-11-11T10:29:27", "id": "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "href": "https://thehackernews.com/2020/11/microsoft-releases-windows-security.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2020-11-24T10:28:18", "description": "**Adobe** and **Microsoft** each issued a bevy of updates today to plug critical security holes in their software. Microsoft's release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.\n\n\n\nSome 17 of the 112 issues fixed in today's patch batch involve "critical" problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.\n\nMost of the rest were assigned the rating "important," which [in Redmond parlance](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>) refers to a vulnerability whose exploitation could "compromise the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."\n\nA chief concern among all these updates this month is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), which is an "important" bug in the Windows kernel that is already seeing active exploitation. CVE-2020-17087 is not listed as critical because it's what's known as a privilege escalation flaw that would allow an attacker who has already compromised a less powerful user account on a system to gain administrative control. In essence, it would have to be chained with another exploit.\n\nUnfortunately, this is exactly what Google researchers described witnessing recently. On Oct. 20, **Google** released an update for its **Chrome** browser which fixed a bug ([CVE-2020-15999](<https://nvd.nist.gov/vuln/detail/CVE-2020-15999>)) that was seen being used in conjunction with CVE-2020-17087 to compromise Windows users.\n\nIf you take a look at the advisory Microsoft released today for CVE-2020-17087 (or any others from today's batch), you might notice they look a bit more sparse. That's because Microsoft has opted to restructure those advisories around the [Common Vulnerability Scoring System](<https://nvd.nist.gov/vuln-metrics/cvss>) (CVSS) format to more closely align the format of the advisories with that of other major software vendors.\n\nBut in so doing, Microsoft has also removed some useful information, such as the description explaining in broad terms the scope of the vulnerability, how it can be exploited, and what the result of the exploitation might be. Microsoft explained its reasoning behind this shift in [a blog post](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nNot everyone is happy with the new format. **Bob Huber**, chief security officer at [Tenable](<https://www.tenable.com>), praised Microsoft for adopting an industry standard, but said the company should consider that folks who review Patch Tuesday releases aren\u2019t security practitioners but rather IT counterparts responsible for actually applying the updates who often aren\u2019t able (and shouldn\u2019t have to) decipher raw CVSS data.\n\n"With this new format, end users are completely blind to how a particular CVE impacts them," Huber said. "What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users. However, it\u2019s not too difficult to see how this new format benefits bad actors. They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts."\n\n**Dustin Childs **with **Trend Micro**'s [Zero Day Initiative](<https://www.zerodayinitiative.com/>) also puzzled over the lack of details included in Microsoft advisories tied to two other flaws fixed today -- including one in **Microsoft Exchange Server **([CVE-2020-16875](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16875>)) and [CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>), which is a scary-looking weakness in the **Windows Network File System (NFS)**.\n\nThe Exchange problem, Childs said, was reported by the winner of the [Pwn2Own Miami bug finding contest](<https://www.thezdi.com/blog/2020/1/21/pwn2own-miami-2020-schedule-and-live-results>).\n\n"With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned," Childs said. "It is very likely he will publish the details of these bugs soon. Microsoft rates this as important, but I would treat it as critical, especially since people seem to find it hard to patch Exchange at all."\n\nLikewise, with CVE-2020-17051, there was a noticeable lack of detail for bug that earned a CVSS score of 9.8 (10 is the most dangerous).\n\n"With no description to work from, we need to rely on the CVSS to provide clues about the real risk from the bug," Childs said. "Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise."\n\nSeparately, Adobe today released updates to plug at least 14 security holes in Adobe Acrobat and Reader. Details about those fixes are available [here](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>). There are no security updates for Adobe's Flash Player, which Adobe has said will be retired at the end of the year. Microsoft, which has bundled versions of Flash with its Web browsers, says it plans to ship an update in December that will remove Flash from Windows PCs, and last month it made the removal tool [available for download](<https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player>).\n\nWindows 10 users should be aware that the operating system will download updates and install them on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nBut please do back up your system before applying any of these updates. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T01:56:41", "type": "krebs", "title": "Patch Tuesday, November 2020 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16875", "CVE-2020-17051", "CVE-2020-17087"], "modified": "2020-11-11T01:56:41", "id": "KREBS:613A537780BD40A6F8E0047CE8D3E6EC", "href": "https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:08", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft DirectX Elevation of Privilege (CVE-2020-16998)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16998"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1161", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:36:30", "description": "A denial of service vulnerability has been reported in Windows Network File System. The vulnerability is due to improper handling of crafted RPC packets. A remote attacker can exploit this vulnerability by sending malicious RPC calls to a targe server.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-16T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Network File System Denial of Service (CVE-2020-17047)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17047"], "modified": "2020-11-16T00:00:00", "id": "CPAI-2020-1188", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-16T19:37:03", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Network File System Remote Code Execution (CVE-2020-17051)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1175", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:09", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Win32k Elevation of Privilege (CVE-2020-17057)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17057"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1162", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:05", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Win32k Elevation of Privilege (CVE-2020-17038)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17038"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1163", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:05", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2020-17088)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17088"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1176", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-11-05T10:11:15", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server Delivery Optimization is vulnerable to information disclosure. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63308)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17071"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63308", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63308", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-05T09:53:11", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial-of-service vulnerability exists in the Microsoft Windows/Windows Server network file system. No detailed vulnerability details are available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66066)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17047"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66066", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66066", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-05T09:54:00", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA) Microsoft Windows is an operating system for personal devices Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server errors report an elevation of privilege vulnerability that could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66104)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17007"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66104", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66104", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:53:34", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17035"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66108", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66108", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-05T10:13:32", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server MSCTF Server is vulnerable to information disclosure. No detailed vulnerability details are available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63304)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17030"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63304", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63304", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-05T09:52:54", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server remote access, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66117)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17032"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66117", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66117", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:53:24", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server Win32k has an elevation of privilege vulnerability that could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66110)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17038"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66110", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66110", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-05T08:30:10", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the Common Log File System driver in Microsoft Windows/Windows Server, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90796)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17088"], "modified": "2021-11-25T00:00:00", "id": "CNVD-2021-90796", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-90796", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:53:09", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server remote access, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66114)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17027"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66114", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66114", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T10:13:14", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in Microsoft Windows/Windows Server Function Discovery SSDP Provider. No detailed vulnerability details are available at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63305)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17036"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63305", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63305", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-05T09:54:10", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server DirectX, which can be exploited by attackers to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66103)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16998"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66103", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66103", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:52:58", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server remote access, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66116)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17031"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66116", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66116", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:53:16", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial-of-service vulnerability has been reported in Microsoft Windows/Windows Server errors. No detailed vulnerability details are available at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66065)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17046"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66065", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66065", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-05T10:13:33", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in the Microsoft Windows/Windows Server Canonical Display driver. No detailed vulnerability details are available at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63303)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17029"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63303", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63303", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-05T10:14:04", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA).Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. An information disclosure vulnerability exists in the Microsoft Windows/Windows Server graphics component, which can be exploited by an attacker to read the contents of kernel memory from a user-mode process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17004"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63301", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63301", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-05T10:14:04", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA).Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Microsoft Windows/Windows Server Win32k has an information disclosure vulnerability that can be exploited by attackers to read uninitialized memory and kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63302)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17013"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63302", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63302", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-05T09:47:23", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. An attacker could exploit this vulnerability to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68734)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17033"], "modified": "2021-09-07T00:00:00", "id": "CNVD-2021-68734", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-68734", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T10:11:29", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA), Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server NDIS is vulnerable to NDIS information disclosure. No detailed vulnerability details are available at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63307)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17069"], "modified": "2021-08-19T00:00:00", "id": "CNVD-2021-63307", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-63307", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-05T10:19:38", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA) Microsoft Windows is an operating system for personal devices Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server GDI has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code execution vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62488)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17068"], "modified": "2021-08-17T00:00:00", "id": "CNVD-2021-62488", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-62488", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-05T09:53:20", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA) Microsoft Windows is an operating system for personal devices Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows/Windows Server printer configuration, which could be exploited by an attacker to compromise confidentiality, integrity, and availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66111)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17041"], "modified": "2021-08-29T00:00:00", "id": "CNVD-2021-66111", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-66111", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2022-06-14T18:22:21", "description": "# cve-2020-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-23T10:02:47", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17057"], "modified": "2022-06-14T13:06:31", "id": "9A4F194A-7042-54AC-99F2-2A2D7A6FC5BD", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "zdi": [{"lastseen": "2023-12-06T17:29:31", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of DirectComposition in the Windows kernel. Crafted parameters to a system call can trigger access to a pointer prior to initialization. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T00:00:00", "type": "zdi", "title": "Microsoft Windows DirectComposition Uninitialized Pointer Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17057"], "modified": "2020-11-11T00:00:00", "id": "ZDI-20-1371", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1371/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-12-06T16:41:18", "description": "Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nThe following packages have been upgraded to a later upstream version: krb5 (1.20.1). (BZ#2016312)\n\nSecurity Fix(es):\n\n* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T05:14:28", "type": "redhat", "title": "(RHSA-2023:2570) Moderate: krb5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2023-05-09T06:03:08", "id": "RHSA-2023:2570", "href": "https://access.redhat.com/errata/RHSA-2023:2570", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cbl_mariner": [{"lastseen": "2023-12-08T20:18:37", "description": "CVE-2020-17049 affecting package samba 4.12.5-5. No patch is available currently.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-12-08T20:18:37", "type": "cbl_mariner", "title": "CVE-2020-17049 affecting package samba 4.12.5-5", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2023-12-08T20:18:37", "id": "CBLMARINER:10661", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}
KLA12004 Multiple vulnerabilities in Microsoft Windows
