{"id": "MS:CVE-2020-0655", "bulletinFamily": "microsoft", "title": "Remote Desktop Services\u00a0Remote Code Execution Vulnerability", "description": "A remote code execution vulnerability exists in Remote Desktop Services \u2013 formerly known as Terminal Services \u2013 when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker must already have compromised a system running Remote Desktop Services, and then wait for a victim system to connect to Remote Desktop Services.\n\nThe update addresses the vulnerability by correcting how Remote Desktop Services handles clipboard redirection.\n", "published": "2020-02-20T08:00:00", "modified": "2020-02-20T08:00:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-0655"], "type": "mscve", "lastseen": "2020-08-07T11:48:21", "edition": 3, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-0655"]}, {"type": "attackerkb", "idList": ["AKB:5B9203AD-A2DF-4463-BF80-67418684E798"]}, {"type": "thn", "idList": ["THN:A9338D15C21275762A7F28C42DDA74EE"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_FEB_4532693.NASL", "SMB_NT_MS20_FEB_4537820.NASL", "SMB_NT_MS20_FEB_4537821.NASL", "SMB_NT_MS20_FEB_4537776.NASL", "SMB_NT_MS20_FEB_4537764.NASL", "SMB_NT_MS20_FEB_4537810.NASL", "SMB_NT_MS20_FEB_4537762.NASL", "SMB_NT_MS20_FEB_4537789.NASL", "SMB_NT_MS20_FEB_4537814.NASL", "SMB_NT_MS20_FEB_4532691.NASL"]}, {"type": "kaspersky", "idList": ["KLA11662", "KLA11694"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310816560", "OPENVAS:1361412562310816561", "OPENVAS:1361412562310816562", "OPENVAS:1361412562310815773", "OPENVAS:1361412562310816559", "OPENVAS:1361412562310815775", "OPENVAS:1361412562310815776", "OPENVAS:1361412562310816558"]}, {"type": "talosblog", "idList": ["TALOSBLOG:EA0E0FACD93EAC05E55A6C64CC82F3F6"]}], "modified": "2020-08-07T11:48:21", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2020-08-07T11:48:21", "rev": 2}, "vulnersScore": 6.7}, "kbList": ["KB4537789", "KB4534297", "KB4534276", "KB4534310", "KB4534303", "KB4534293", "KB4528760", "KB4537821", "KB4534306", "KB4534271", "KB4532691", "KB4532693", "KB4537764", "KB4537776", "KB4537810", "KB4534273", "KB4537814", "KB4534283", "KB4537762", "KB4537820"], "msrc": "", "mscve": "CVE-2020-0655", "msAffectedSoftware": [{"kb": "KB4537776", "kbSupersedence": "KB4534306", "msplatform": "", "name": "Windows 10 for 32-bit Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows Server, version 1909 (Server Core installation)"}, {"kb": "KB4537762", "kbSupersedence": "KB4534293", "msplatform": "", "name": "Windows 10 Version 1803 for 32-bit Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1909 for x64-based Systems"}, {"kb": "KB4537810", "kbSupersedence": "KB4534303", "msplatform": "", "name": "Windows Server 2008 for 32-bit Systems Service Pack 2"}, {"kb": "KB4537810", "kbSupersedence": "KB4534303", "msplatform": "", "name": "Windows Server 2008 for x64-based Systems Service Pack 2"}, {"kb": "KB4537821", "kbSupersedence": "KB4534297", "msplatform": "", "name": "Windows RT 8.1"}, {"kb": "KB4537821", "kbSupersedence": "KB4534297", "msplatform": "", "name": "Windows Server 2012 R2"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1909 for ARM64-based Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows Server, version 1903 (Server Core installation)"}, {"kb": "KB4537810", "kbSupersedence": "KB4534303", "msplatform": "", "name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1903 for ARM64-based Systems"}, {"kb": "KB4537764", "kbSupersedence": "KB4534271", "msplatform": "", "name": "Windows Server 2016 (Server Core installation)"}, {"kb": "KB4532691", "kbSupersedence": "KB4534273", "msplatform": "", "name": "Windows 10 Version 1809 for ARM64-based Systems"}, {"kb": "KB4537762", "kbSupersedence": "KB4534293", "msplatform": "", "name": "Windows 10 Version 1803 for ARM64-based Systems"}, {"kb": "KB4537820", "kbSupersedence": "KB4534310", "msplatform": "", "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"}, {"kb": "KB4537821", "kbSupersedence": "KB4534297", "msplatform": "", "name": "Windows 8.1 for x64-based systems"}, {"kb": "KB4537762", "kbSupersedence": "KB4534293", "msplatform": "", "name": "Windows 10 Version 1803 for x64-based Systems"}, {"kb": "KB4537764", "kbSupersedence": "KB4534271", "msplatform": "", "name": "Windows 10 Version 1607 for 32-bit Systems"}, {"kb": "KB4532691", "kbSupersedence": "KB4534273", "msplatform": "", "name": "Windows Server 2019"}, {"kb": "KB4537810", "kbSupersedence": "KB4534303", "msplatform": "", "name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"}, {"kb": "KB4537789", "kbSupersedence": "KB4534276", "msplatform": "", "name": "Windows 10 Version 1709 for ARM64-based Systems"}, {"kb": "KB4532691", "kbSupersedence": "KB4534273", "msplatform": "", "name": "Windows Server 2019 (Server Core installation)"}, {"kb": "KB4537762", "kbSupersedence": "KB4534293", "msplatform": "", "name": "Windows Server, version 1803 (Server Core Installation)"}, {"kb": "KB4537789", "kbSupersedence": "KB4534276", "msplatform": "", "name": "Windows 10 Version 1709 for x64-based Systems"}, {"kb": "KB4537814", "kbSupersedence": "KB4534283", "msplatform": "", "name": "Windows Server 2012 (Server Core installation)"}, {"kb": "KB4537821", "kbSupersedence": "KB4534297", "msplatform": "", "name": "Windows 8.1 for 32-bit systems"}, {"kb": "KB4537820", "kbSupersedence": "KB4534310", "msplatform": "", "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"}, {"kb": "KB4537776", "kbSupersedence": "KB4534306", "msplatform": "", "name": "Windows 10 for x64-based Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1903 for 32-bit Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1903 for x64-based Systems"}, {"kb": "KB4532693", "kbSupersedence": "KB4528760", "msplatform": "", "name": "Windows 10 Version 1909 for 32-bit Systems"}, {"kb": "KB4532691", "kbSupersedence": "KB4534273", "msplatform": "", "name": "Windows 10 Version 1809 for 32-bit Systems"}, {"kb": "KB4537821", "kbSupersedence": "KB4534297", "msplatform": "", "name": "Windows Server 2012 R2 (Server Core installation)"}, {"kb": "KB4532691", "kbSupersedence": "KB4534273", "msplatform": "", "name": "Windows 10 Version 1809 for x64-based Systems"}, {"kb": "KB4537820", "kbSupersedence": "KB4534310", "msplatform": "", "name": "Windows 7 for 32-bit Systems Service Pack 1"}, {"kb": "KB4537789", "kbSupersedence": "KB4534276", "msplatform": "", "name": "Windows 10 Version 1709 for 32-bit Systems"}, {"kb": "KB4537820", "kbSupersedence": "KB4534310", "msplatform": "", "name": "Windows 7 for x64-based Systems Service Pack 1"}, {"kb": "KB4537764", "kbSupersedence": "KB4534271", "msplatform": "", "name": "Windows 10 Version 1607 for x64-based Systems"}, {"kb": "KB4537764", "kbSupersedence": "KB4534271", "msplatform": "", "name": "Windows Server 2016"}, {"kb": "KB4537814", "kbSupersedence": "KB4534283", "msplatform": "", "name": "Windows Server 2012"}], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T07:36:53", "description": "A remote code execution vulnerability exists in Remote Desktop Services \u00e2\u20ac\u201c formerly known as Terminal Services \u00e2\u20ac\u201c when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services\u00c2 Remote Code Execution Vulnerability'.", "edition": 5, "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-11T22:15:00", "title": "CVE-2020-0655", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0655"], "modified": "2020-02-13T18:08:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0655", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0655", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2020-11-18T06:36:52", "bulletinFamily": "info", "cvelist": ["CVE-2019-0887", "CVE-2020-0655"], "description": "A remote code execution vulnerability exists in Remote Desktop Services \u00e2\u20ac\u201c formerly known as Terminal Services \u00e2\u20ac\u201c when an authenticated attacker abuses clipboard redirection, aka \u2018Remote Desktop Services\u00c2 Remote Code Execution Vulnerability\u2019.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at May 14, 2020 3:27pm UTC reported:\n\nA vulnerability exists within `PathCchCanonicalize` that can be leveraged by a malicious RDP server to write files on a connected RDP client system. The vulnerability is related to how forward and back slash characters are processed and is related to the older CVE-2019-0887 in the sense that this vulnerability is a bypass for the mitigation which it introduced.\n\nExploiting this vulnerability would involve an attacker configuring a malicious RDP server and then tricking a client to connect to it, authenticate to it and then initiate a copy and paste operation from the malicious server to their client system.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2\n", "modified": "2020-07-24T00:00:00", "published": "2020-02-11T00:00:00", "id": "AKB:5B9203AD-A2DF-4463-BF80-67418684E798", "href": "https://attackerkb.com/topics/5uxbDmy4at/cve-2020-0655", "type": "attackerkb", "title": "CVE-2020-0655", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2020-05-14T12:03:11", "bulletinFamily": "info", "cvelist": ["CVE-2019-0887", "CVE-2020-0655"], "description": "[](<https://thehackernews.com/images/-nGi9j7Al83s/Xr0ZrvMm9EI/AAAAAAAAAVw/X9PneGcnn8YnvsGtZewTKmu_l5x2VEpUACLcBGAsYHQ/s728-e100/reverse-rdp-attack.jpg>)\n\nRemember the [Reverse RDP Attack](<https://thehackernews.com/2019/02/remote-desktop-hacking.html>)\u2014wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? \n \nThough Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. \n \nMicrosoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655. \n \nIn the latest report shared with The Hacker News, Check Point researcher [disclosed](<https://research.checkpoint.com/2020/reverse-rdp-the-path-not-taken/>) that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function \"PathCchCanonicalize,\" unchanged. \n\n\n \nApparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof enough to protect other third-party RDP clients against the same attack that relies on the vulnerable sanitization function developed by Microsoft. \n \n\"We found that not only can an attacker bypass Microsoft's patch, but they can bypass any canonicalization check that was done according to Microsoft's best practices,\" Check Point researcher Eyal Itkin said in a report shared with The Hacker News. \n \nFor those unaware, [path traversal attacks](<https://owasp.org/www-community/attacks/Path_Traversal>) occur when a program that accepts a file as input fails to verify it, allowing an attacker to save the file in any chosen location on the target system, and thus exposing the contents of files outside of the root directory of the application. \n \n\"A remote malware-infected computer could take over any client that tries to connect to it. For example, if an IT staff member tried to connect to a remote corporate computer that was infected by malware, the malware would be able to attack the IT staff member's computer as well,\" the researchers described. \n \nThe flaw came to light [last year](<https://thehackernews.com/2019/02/remote-desktop-hacking.html>), and a subsequent research in August found that it impacted Microsoft's [Hyper-V hardware virtualization](<https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html>) platform as well. \n \nHere's a demonstration video on the original vulnerability from the last year: \n \n\n\n \n\n\n## An Improperly Patched Path Traversal Flaw\n\n \nAccording to researchers, the July patch can be bypassed because of a problem that lies in its path canonicalization function \"[PathCchCanonicalize](<https://docs.microsoft.com/en-us/windows/win32/api/pathcch/nf-pathcch-pathcchcanonicalize>),\" which is used to [sanitize file paths](<https://docs.microsoft.com/en-us/windows/win32/api/shlwapi/nf-shlwapi-pathcanonicalizea>), thus allowing a bad actor to exploit the clipboard synchronization between a client and a server to drop arbitrary files in arbitrary paths on the client machine. \n \nIn other words, when using the clipboard redirection feature while connected to a compromised RDP server, the server can use the shared RDP clipboard to send files to the client's computer and achieve remote code execution. \n\n\n \nAlthough Check Point researchers originally confirmed that \"the fix matches our initial expectations,\" it appears there's more to it than meets the eye: the patch can be simply bypassed by replacing backward slashes (e.g., file\\to\\location) in paths with forward slashes (e.g., file/to/location), which traditionally act as path [separators in Unix-based systems](<https://www.howtogeek.com/181774/why-windows-uses-backslashes-and-everything-else-uses-forward-slashes/>). \n \n\"It seems that PathCchCanonicalize, the function that is mentioned in Windows's best practice guide on how to canonicalize a hostile path, ignored the forward-slash characters,\" Itkin said. \"We verified this behavior by reverse-engineering Microsoft's implementation of the function, seeing that it splits the path to parts by searching only for '\\' and ignoring '/.'\" \n \n\n\n[](<https://thehackernews.com/images/-LE0N5YX_AIg/Xr0cRtfvlyI/AAAAAAAA2wk/3Jyp0q6Dd-UnqC1zjxjf9mc6GM_TIRkvACLcBGAsYHQ/s728-e100/reverse-rdp-attack.jpg>)\n\n \nThe cybersecurity firm said it found the flaw when trying to examine Microsoft's Remote Desktop client for Mac, an RDP client that was left out from their initial analysis last year. Interestingly, the macOS RDP client in itself isn't vulnerable to CVE-2019-0887. \n \nWith the main vulnerability still not rectified, Check Point cautioned that the implications of a simple bypass to a core Windows path sanitation function pose a serious risk to many other software products that could potentially be affected. \n \n\"Microsoft neglected to fix the vulnerability in their official API, and so all programs that were written according to Microsoft's best practices will still be vulnerable to a Path-Traversal attack,\" Check Point's Omri Herscovici said. \"We want developers to be aware of this threat so that they could go over their programs and manually apply a patch against it.\"\n", "modified": "2020-05-14T10:24:50", "published": "2020-05-14T10:20:00", "id": "THN:A9338D15C21275762A7F28C42DDA74EE", "href": "https://thehackernews.com/2020/05/reverse-rdp-attack-patch.html", "type": "thn", "title": "Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-05-09T12:06:38", "description": "The remote Windows host is missing security update 4537822\nor cumulative update 4537810. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0680, CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-0736)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-24T00:00:00", "title": "KB4537822: Windows Server 2008 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0736", "CVE-2020-0680", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0748"], "modified": "2020-03-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_FEB_4537810.NASL", "href": "https://www.tenable.com/plugins/nessus/134863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134863);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0705\",\n \"CVE-2020-0708\",\n \"CVE-2020-0715\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0735\",\n \"CVE-2020-0736\",\n \"CVE-2020-0737\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0748\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\"\n );\n script_xref(name:\"MSKB\", value:\"4537822\");\n script_xref(name:\"MSKB\", value:\"4537810\");\n script_xref(name:\"MSFT\", value:\"MS20-4537822\");\n script_xref(name:\"MSFT\", value:\"MS20-4537810\");\n\n script_name(english:\"KB4537822: Windows Server 2008 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537822\nor cumulative update 4537810. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0680, CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-0736)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\");\n # https://support.microsoft.com/en-us/help/4537822/windows-server-2008-update-kb4537822\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1413c49\");\n # https://support.microsoft.com/en-us/help/4537810/windows-server-2008-update-kb4537810\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee6ae1db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4537822 or Cumulative Update KB4537810.\n\nPlease Note: These updates are only available through Microsoft's Extended Support Updates program.\nThis operating system is otherwise unsupported.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537810', '4537822');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537810, 4537822])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-05-09T12:06:39", "description": "The remote Windows host is missing security update 4537813\nor cumulative update 4537820. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0680, CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-0736)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-24T00:00:00", "title": "KB4537813: Windows 7 and Windows Server 2008 R2 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0736", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0748"], "modified": "2020-03-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_FEB_4537820.NASL", "href": "https://www.tenable.com/plugins/nessus/134864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134864);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0703\",\n \"CVE-2020-0705\",\n \"CVE-2020-0708\",\n \"CVE-2020-0715\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0736\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0748\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\"\n );\n script_xref(name:\"MSKB\", value:\"4537820\");\n script_xref(name:\"MSKB\", value:\"4537813\");\n script_xref(name:\"MSFT\", value:\"MS20-4537820\");\n script_xref(name:\"MSFT\", value:\"MS20-4537813\");\n\n script_name(english:\"KB4537813: Windows 7 and Windows Server 2008 R2 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537813\nor cumulative update 4537820. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0680, CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-0736)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\");\n # https://support.microsoft.com/en-us/help/4537820/windows-7-update-kb4537820\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d4017b3\");\n # https://support.microsoft.com/en-us/help/4537813/windows-7-update-kb4537813\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36196c17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4537813 or Cumulative Update KB4537820.\n\nPlease Note: These updates are only available through Microsoft's Extended Support Updates program.\nThis operating system is otherwise unsupported.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537820', '4537813');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537820, 4537813])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-09T12:06:39", "description": "The remote Windows host is missing security update 4537803\nor cumulative update 4537821. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537803: Windows 8.1 and Windows Server 2012 R2 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_FEB_4537821.NASL", "href": "https://www.tenable.com/plugins/nessus/133615", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133615);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0715\",\n \"CVE-2020-0716\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0748\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537821\");\n script_xref(name:\"MSKB\", value:\"4537803\");\n script_xref(name:\"MSFT\", value:\"MS20-4537821\");\n script_xref(name:\"MSFT\", value:\"MS20-4537803\");\n\n script_name(english:\"KB4537803: Windows 8.1 and Windows Server 2012 R2 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537803\nor cumulative update 4537821. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4537821/windows-8-1-kb4537821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4537803/windows-8-1-kb4537803\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4537803 or Cumulative Update KB4537821.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537821', '4537803');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537821, 4537803])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-09T12:06:39", "description": "The remote Windows host is missing security update 4537794\nor cumulative update 4537814. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537794: Windows Server 2012 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_FEB_4537814.NASL", "href": "https://www.tenable.com/plugins/nessus/133614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133614);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0703\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0715\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0748\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0817\"\n );\n script_xref(name:\"MSKB\", value:\"4537814\");\n script_xref(name:\"MSKB\", value:\"4537794\");\n script_xref(name:\"MSFT\", value:\"MS20-4537814\");\n script_xref(name:\"MSFT\", value:\"MS20-4537794\");\n\n script_name(english:\"KB4537794: Windows Server 2012 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537794\nor cumulative update 4537814. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\");\n # https://support.microsoft.com/en-us/help/4537814/windows-server-2012-update-kb4537814\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31092e92\");\n # https://support.microsoft.com/en-us/help/4537794/windows-server-2012-update-kb4537794\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c013318c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4537794 or Cumulative Update KB4537814.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537794', '4537814');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537794, 4537814])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:42", "description": "The remote Windows host is missing security update 4537776.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0742, CVE-2020-0749)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0709, CVE-2020-0732)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537776: Windows 10 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537776.NASL", "href": "https://www.tenable.com/plugins/nessus/133612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133612);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0709\",\n \"CVE-2020-0715\",\n \"CVE-2020-0716\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0732\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0742\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537776\");\n script_xref(name:\"MSFT\", value:\"MS20-4537776\");\n\n script_name(english:\"KB4537776: Windows 10 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537776.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0742, CVE-2020-0749)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0709, CVE-2020-0732)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537776/windows-10-update-kb4537776\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?632bdfd1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537776.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537776');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537776])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4537764. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0742, CVE-2020-0743,\n CVE-2020-0749, CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0709, CVE-2020-0732)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537764: Windows 10 Version 1607 and Windows Server 2016 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537764.NASL", "href": "https://www.tenable.com/plugins/nessus/133611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133611);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0670\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0709\",\n \"CVE-2020-0710\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\", \n \"CVE-2020-0715\",\n \"CVE-2020-0716\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0732\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537764\");\n script_xref(name:\"MSFT\", value:\"MS20-4537764\");\n\n script_name(english:\"KB4537764: Windows 10 Version 1607 and Windows Server 2016 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537764. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0742, CVE-2020-0743,\n CVE-2020-0749, CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0709, CVE-2020-0732)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537764/windows-10-update-kb4537764\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ed17ad3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537764.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537764');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537764])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4537762.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537762: Windows 10 Version 1803 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537762.NASL", "href": "https://www.tenable.com/plugins/nessus/133610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133610);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\", \n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537762\");\n script_xref(name:\"MSFT\", value:\"MS20-4537762\");\n\n script_name(english:\"KB4537762: Windows 10 Version 1803 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537762.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537762/windows-10-update-kb4537762\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4855af5f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537762.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537762');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537762])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:44", "description": "The remote Windows host is missing security update 4537789.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716, CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4537789: Windows 10 Version 1709 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4537789.NASL", "href": "https://www.tenable.com/plugins/nessus/133613", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133613);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0662\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\", \n \"CVE-2020-0715\",\n \"CVE-2020-0716\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4537789\");\n script_xref(name:\"MSFT\", value:\"MS20-4537789\");\n\n script_name(english:\"KB4537789: Windows 10 Version 1709 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4537789.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0716, CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0712, CVE-2020-0713, CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4537789/windows-10-update-kb4537789\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0982790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4537789.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4537789');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4537789])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4532691.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0817)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4532691: Windows 10 Version 1809 and Windows Server 2019 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4532691.NASL", "href": "https://www.tenable.com/plugins/nessus/133608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133608);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0705\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0757\",\n \"CVE-2020-0767\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4532691\");\n script_xref(name:\"MSFT\", value:\"MS20-4532691\");\n\n script_name(english:\"KB4532691: Windows 10 Version 1809 and Windows Server 2019 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4532691.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0705)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0817)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4532691/windows-10-update-kb4532691\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddd07632\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4532691.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4532691');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532691])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4532693.NASL", "href": "https://www.tenable.com/plugins/nessus/133609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133609);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0751\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0757\",\n \"CVE-2020-0767\",\n \"CVE-2020-0792\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4532693\");\n script_xref(name:\"MSFT\", value:\"MS20-4532693\");\n\n script_name(english:\"KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebd73de2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4532693.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4532693');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-05T15:41:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0736", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0748"], "description": "This host is missing a critical security\n update according to Microsoft KB4537820", "modified": "2020-06-04T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310815776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815776", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537820)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815776\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0662\",\n \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\", \"CVE-2020-0668\",\n \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\", \"CVE-2020-0676\",\n \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0680\", \"CVE-2020-0681\",\n \"CVE-2020-0682\", \"CVE-2020-0683\", \"CVE-2020-0686\", \"CVE-2020-0691\",\n \"CVE-2020-0698\", \"CVE-2020-0703\", \"CVE-2020-0705\", \"CVE-2020-0708\",\n \"CVE-2020-0715\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0729\", \"CVE-2020-0730\", \"CVE-2020-0731\",\n \"CVE-2020-0734\", \"CVE-2020-0735\", \"CVE-2020-0736\", \"CVE-2020-0737\",\n \"CVE-2020-0738\", \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0748\",\n \"CVE-2020-0752\", \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\",\n \"CVE-2020-0756\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 12:58:03 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537820)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537820\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - Windows Common Log File System (CLFS) driver fails to properly handle objects\n in memory.\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - Cryptography Next Generation (CNG) service improperly handles objects in memory.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Windows Function Discovery Service improperly handles objects in memory.\n\n For more information refer the references.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, elevate privilges and disclose sensitive information\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537820\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24548\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24548\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "description": "This host is missing a critical security\n update according to Microsoft KB4537821", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310815773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815773", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537821)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815773\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0660\",\n \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\", \"CVE-2020-0705\",\n \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0715\",\n \"CVE-2020-0716\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0729\", \"CVE-2020-0730\", \"CVE-2020-0731\",\n \"CVE-2020-0734\", \"CVE-2020-0735\", \"CVE-2020-0737\", \"CVE-2020-0738\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0748\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0817\", \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 12:40:36 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537821)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537821\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Common Log File System (CLFS) driver fails to properly handle objects\n in memory.\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - Cryptography Next Generation (CNG) service improperly handles objects in memory.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Windows Function Discovery Service improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, elevate privilges, disclose sensitive information and\n cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64-based systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537821\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!sysVer)\n exit(0);\n\nif(version_is_less(version:sysVer, test_version:\"6.3.9600.19630\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:sysVer, vulnerable_range:\"Less than 6.3.9600.19630\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "description": "This host is missing a critical security\n update according to Microsoft KB4537814", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310815775", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815775", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537814)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815775\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0660\",\n \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\", \"CVE-2020-0703\",\n \"CVE-2020-0705\", \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\",\n \"CVE-2020-0715\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0729\", \"CVE-2020-0730\", \"CVE-2020-0731\",\n \"CVE-2020-0734\", \"CVE-2020-0735\", \"CVE-2020-0737\", \"CVE-2020-0738\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0748\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0817\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 14:50:58 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537814)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537814\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Common Log File System (CLFS) driver fails to properly handle objects\n in memory.\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - Cryptography Next Generation (CNG) service improperly handles objects in memory.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Windows Function Discovery Service improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537814\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\ndllpath = smb_get_system32root();\nif(!dllpath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllpath, file_name:\"Win32k.sys\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22979\")) {\n report = report_fixed_ver(file_checked:dllpath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.2.9200.22979\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0817", "CVE-2020-0748"], "description": "This host is missing a critical security\n update according to Microsoft KB4537776", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816558", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537776)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816558\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0659\",\n \"CVE-2020-0660\", \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\",\n \"CVE-2020-0667\", \"CVE-2020-0668\", \"CVE-2020-0673\", \"CVE-2020-0674\",\n \"CVE-2020-0675\", \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\",\n \"CVE-2020-0679\", \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\",\n \"CVE-2020-0683\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\", \"CVE-2020-0706\",\n \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0709\", \"CVE-2020-0715\",\n \"CVE-2020-0716\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0729\", \"CVE-2020-0730\",\n \"CVE-2020-0731\", \"CVE-2020-0732\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0742\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0747\", \"CVE-2020-0748\",\n \"CVE-2020-0749\", \"CVE-2020-0752\", \"CVE-2020-0753\", \"CVE-2020-0754\",\n \"CVE-2020-0755\", \"CVE-2020-0756\", \"CVE-2020-0767\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537776)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537776\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error in Active Directory Forest trusts due to a default setting that lets an\n attacker in the trusting forest request delegation of a TGT for an identity from\n the trusted forest.\n\n - An error in the way that the Windows Search Indexer handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537776\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18484\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.10240.0 - 10.0.10240.18484\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4537789", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816560", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537789)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816560\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0659\",\n \"CVE-2020-0660\", \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\",\n \"CVE-2020-0667\", \"CVE-2020-0668\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\",\n \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0715\", \"CVE-2020-0716\",\n \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\", \"CVE-2020-0729\",\n \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0740\",\n \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\", \"CVE-2020-0744\",\n \"CVE-2020-0745\", \"CVE-2020-0747\", \"CVE-2020-0748\", \"CVE-2020-0749\",\n \"CVE-2020-0750\", \"CVE-2020-0752\", \"CVE-2020-0753\", \"CVE-2020-0754\",\n \"CVE-2020-0755\", \"CVE-2020-0756\", \"CVE-2020-0767\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537789)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537789\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error in Active Directory Forest trusts due to a default setting that lets an\n attacker in the trusting forest request delegation of a TGT for an identity from\n the trusted forest.\n\n - An error in the way that the Windows Search Indexer handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537789\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1684\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1684\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0658", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0716", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4537764", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816559", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4537764)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816559\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\", \"CVE-2020-0659\",\n \"CVE-2020-0660\", \"CVE-2020-0662\", \"CVE-2020-0665\", \"CVE-2020-0666\",\n \"CVE-2020-0667\", \"CVE-2020-0668\", \"CVE-2020-0673\", \"CVE-2020-0674\",\n \"CVE-2020-0675\", \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\",\n \"CVE-2020-0679\", \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\",\n \"CVE-2020-0683\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\", \"CVE-2020-0706\",\n \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0709\", \"CVE-2020-0715\",\n \"CVE-2020-0716\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0729\", \"CVE-2020-0730\",\n \"CVE-2020-0731\", \"CVE-2020-0732\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0742\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0747\", \"CVE-2020-0748\",\n \"CVE-2020-0749\", \"CVE-2020-0752\", \"CVE-2020-0753\", \"CVE-2020-0754\",\n \"CVE-2020-0755\", \"CVE-2020-0756\", \"CVE-2020-0767\", \"CVE-2020-0817\",\n \"CVE-2020-0818\", \"CVE-2020-0661\", \"CVE-2020-0670\", \"CVE-2020-0710\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0728\", \"CVE-2020-0750\",\n \"CVE-2020-0743\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4537764)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4537764\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error in Active Directory Forest trusts due to a default setting that lets an\n attacker in the trusting forest request delegation of a TGT for an identity from\n the trusted forest.\n\n - An error in the way that the Windows Search Indexer handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4537764\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3502\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3502\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2018-8267", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4532693", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816562", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4532693)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816562\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-8267\", \"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\",\n \"CVE-2020-0659\", \"CVE-2020-0660\", \"CVE-2020-0661\", \"CVE-2020-0662\",\n \"CVE-2020-0663\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0669\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0706\",\n \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\", \"CVE-2020-0711\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0714\", \"CVE-2020-0715\",\n \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\", \"CVE-2020-0729\",\n \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0740\",\n \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\", \"CVE-2020-0744\",\n \"CVE-2020-0745\", \"CVE-2020-0746\", \"CVE-2020-0747\", \"CVE-2020-0748\",\n \"CVE-2020-0749\", \"CVE-2020-0750\", \"CVE-2020-0751\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0757\", \"CVE-2020-0767\", \"CVE-2020-0792\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4532693)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532693\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error when Microsoft Edge does not properly enforce cross-domain policies.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532693\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.656\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.656\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2018-8267", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4532691", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816561", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4532691)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816561\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-8267\", \"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\",\n \"CVE-2020-0659\", \"CVE-2020-0660\", \"CVE-2020-0661\", \"CVE-2020-0662\",\n \"CVE-2020-0663\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0669\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0705\",\n \"CVE-2020-0706\", \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\",\n \"CVE-2020-0711\", \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0714\",\n \"CVE-2020-0715\", \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\",\n \"CVE-2020-0721\", \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\",\n \"CVE-2020-0725\", \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\",\n \"CVE-2020-0729\", \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\",\n \"CVE-2020-0735\", \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\",\n \"CVE-2020-0740\", \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\",\n \"CVE-2020-0744\", \"CVE-2020-0745\", \"CVE-2020-0746\", \"CVE-2020-0747\",\n \"CVE-2020-0748\", \"CVE-2020-0749\", \"CVE-2020-0750\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0757\", \"CVE-2020-0767\", \"CVE-2020-0817\", \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4532691)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532691\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error when Microsoft Edge does not properly enforce cross-domain policies.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532691\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1038\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1038\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:35", "bulletinFamily": "info", "cvelist": ["CVE-2020-0737", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0721", "CVE-2020-0658", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0736", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0755", "CVE-2020-0725", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0662", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0748"], "description": "### *Detect date*:\n02/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were fixed in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nInternet Explorer 11 \nWindows Server 2012 R2 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nInternet Explorer 9 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2019 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nInternet Explorer 10 \nWindows Server 2012 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2016 \nWindows 10 Version 1903 for x64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0691](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0691>) \n[CVE-2020-0730](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0730>) \n[CVE-2020-0744](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0744>) \n[CVE-2020-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0703>) \n[CVE-2020-0748](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0748>) \n[CVE-2020-0705](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0705>) \n[CVE-2020-0745](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0745>) \n[CVE-2020-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0722>) \n[CVE-2020-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0723>) \n[CVE-2020-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0720>) \n[CVE-2020-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0721>) \n[CVE-2020-0726](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0726>) \n[CVE-2020-0724](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0724>) \n[CVE-2020-0725](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0725>) \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0662>) \n[CVE-2020-0667](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0667>) \n[CVE-2020-0666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0666>) \n[CVE-2020-0665](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0665>) \n[CVE-2020-0668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0668>) \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0681>) \n[CVE-2020-0680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0680>) \n[CVE-2020-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0683>) \n[CVE-2020-0682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0682>) \n[CVE-2020-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0719>) \n[CVE-2020-0686](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0686>) \n[CVE-2020-0736](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0736>) \n[CVE-2020-0708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0708>) \n[CVE-2020-0657](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0657>) \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0738>) \n[CVE-2020-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0715>) \n[CVE-2020-0678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0678>) \n[CVE-2020-0674](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0674>) \n[CVE-2020-0675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0675>) \n[CVE-2020-0676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0676>) \n[CVE-2020-0677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0677>) \n[CVE-2020-0735](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0735>) \n[CVE-2020-0734](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0734>) \n[CVE-2020-0737](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0737>) \n[CVE-2020-0673](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0673>) \n[CVE-2020-0753](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0753>) \n[CVE-2020-0752](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0752>) \n[CVE-2020-0655](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0655>) \n[CVE-2020-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0756>) \n[CVE-2020-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0755>) \n[CVE-2020-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0754>) \n[CVE-2020-0658](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0658>) \n[CVE-2020-0731](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0731>) \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0729>) \n[CVE-2020-0698](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0698>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0730>)0.0Unknown \n[CVE-2020-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0703>)0.0Unknown \n[CVE-2020-0729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0729>)0.0Unknown \n[CVE-2020-0705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0705>)0.0Unknown \n[CVE-2020-0722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0722>)0.0Unknown \n[CVE-2020-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0723>)0.0Unknown \n[CVE-2020-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0720>)0.0Unknown \n[CVE-2020-0721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0721>)0.0Unknown \n[CVE-2020-0726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0726>)0.0Unknown \n[CVE-2020-0724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0724>)0.0Unknown \n[CVE-2020-0725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0725>)0.0Unknown \n[CVE-2020-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0662>)0.0Unknown \n[CVE-2020-0667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0667>)0.0Unknown \n[CVE-2020-0666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0666>)0.0Unknown \n[CVE-2020-0665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0665>)0.0Unknown \n[CVE-2020-0668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0668>)0.0Unknown \n[CVE-2020-0734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0734>)0.0Unknown \n[CVE-2020-0681](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0681>)0.0Unknown \n[CVE-2020-0680](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0680>)0.0Unknown \n[CVE-2020-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0683>)0.0Unknown \n[CVE-2020-0682](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0682>)0.0Unknown \n[CVE-2020-0686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0686>)0.0Unknown \n[CVE-2020-0708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0708>)0.0Unknown \n[CVE-2020-0657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0657>)0.0Unknown \n[CVE-2020-0719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0719>)0.0Unknown \n[CVE-2020-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0715>)0.0Unknown \n[CVE-2020-0678](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0678>)0.0Unknown \n[CVE-2020-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0731>)0.0Unknown \n[CVE-2020-0675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0675>)0.0Unknown \n[CVE-2020-0676](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0676>)0.0Unknown \n[CVE-2020-0677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0677>)0.0Unknown \n[CVE-2020-0737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0737>)0.0Unknown \n[CVE-2020-0736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0736>)0.0Unknown \n[CVE-2020-0753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0753>)0.0Unknown \n[CVE-2020-0752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0752>)0.0Unknown \n[CVE-2020-0655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0655>)0.0Unknown \n[CVE-2020-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0756>)0.0Unknown \n[CVE-2020-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0755>)0.0Unknown \n[CVE-2020-0738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0738>)0.0Unknown \n[CVE-2020-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0735>)0.0Unknown \n[CVE-2020-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0754>)0.0Unknown \n[CVE-2020-0658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0658>)0.0Unknown \n[CVE-2020-0744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0744>)0.0Unknown \n[CVE-2020-0691](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0691>)0.0Unknown \n[CVE-2020-0748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0748>)0.0Unknown \n[CVE-2020-0698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0698>)0.0Unknown \n[CVE-2020-0745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0745>)0.0Unknown \n[CVE-2020-0674](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0674>)0.0Unknown \n[CVE-2020-0673](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0673>)0.0Unknown\n\n### *KB list*:\n[4537822](<http://support.microsoft.com/kb/4537822>) \n[4537820](<http://support.microsoft.com/kb/4537820>) \n[4537810](<http://support.microsoft.com/kb/4537810>) \n[4537813](<http://support.microsoft.com/kb/4537813>) \n[4537767](<http://support.microsoft.com/kb/4537767>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2020-02-11T00:00:00", "id": "KLA11694", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11694", "title": "\r KLA11694Multiple vulnerabilities in Microsoft products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:42:54", "bulletinFamily": "info", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "### *Detect date*:\n02/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows RT 8.1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows Server 2019 \nWindows Server 2012 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0739](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0739>) \n[CVE-2020-0727](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0727>) \n[CVE-2020-0742](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0742>) \n[CVE-2020-0659](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0659>) \n[CVE-2020-0730](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0730>) \n[CVE-2020-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0703>) \n[CVE-2020-0701](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0701>) \n[CVE-2020-0728](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0728>) \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0729>) \n[CVE-2020-0704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0704>) \n[CVE-2020-0705](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0705>) \n[CVE-2020-0707](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0707>) \n[CVE-2020-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0722>) \n[CVE-2020-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0723>) \n[CVE-2020-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0720>) \n[CVE-2020-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0721>) \n[CVE-2020-0726](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0726>) \n[CVE-2020-0746](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0746>) \n[CVE-2020-0724](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0724>) \n[CVE-2020-0725](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0725>) \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0662>) \n[CVE-2020-0661](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0661>) \n[CVE-2020-0747](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0747>) \n[CVE-2020-0667](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0667>) \n[CVE-2020-0666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0666>) \n[CVE-2020-0665](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0665>) \n[CVE-2020-0740](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0740>) \n[CVE-2020-0669](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0669>) \n[CVE-2020-0668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0668>) \n[CVE-2020-0734](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0734>) \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0681>) \n[CVE-2020-0680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0680>) \n[CVE-2020-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0683>) \n[CVE-2020-0682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0682>) \n[CVE-2020-0685](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0685>) \n[CVE-2020-0672](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0672>) \n[CVE-2020-0686](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0686>) \n[CVE-2020-0689](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0689>) \n[CVE-2020-0743](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0743>) \n[CVE-2020-0708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0708>) \n[CVE-2020-0709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0709>) \n[CVE-2020-0657](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0657>) \n[CVE-2020-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0719>) \n[CVE-2020-0732](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0732>) \n[CVE-2020-0750](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0750>) \n[CVE-2020-0717](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0717>) \n[CVE-2020-0716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0716>) \n[CVE-2020-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0715>) \n[CVE-2020-0660](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0660>) \n[CVE-2020-0678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0678>) \n[CVE-2020-0679](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0679>) \n[CVE-2020-0731](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0731>) \n[CVE-2020-0675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0675>) \n[CVE-2020-0676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0676>) \n[CVE-2020-0677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0677>) \n[CVE-2020-0670](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0670>) \n[CVE-2020-0671](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0671>) \n[CVE-2020-0737](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0737>) \n[CVE-2020-0753](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0753>) \n[CVE-2020-0752](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0752>) \n[CVE-2020-0751](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0751>) \n[CVE-2020-0655](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0655>) \n[CVE-2020-0757](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0757>) \n[CVE-2020-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0756>) \n[CVE-2020-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0755>) \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0738>) \n[CVE-2020-0735](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0735>) \n[CVE-2020-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0754>) \n[CVE-2020-0792](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0792>) \n[CVE-2020-0658](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0658>) \n[CVE-2020-0744](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0744>) \n[CVE-2020-0691](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0691>) \n[CVE-2020-0741](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0741>) \n[CVE-2020-0748](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0748>) \n[CVE-2020-0698](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0698>) \n[CVE-2020-0745](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0745>) \n[CVE-2020-0714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0714>) \n[CVE-2020-0749](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0749>) \n[CVE-2020-0818](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0818>) \n[CVE-2020-0817](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0817>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-0739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0739>)0.0Unknown \n[CVE-2020-0727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0727>)0.0Unknown \n[CVE-2020-0742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0742>)0.0Unknown \n[CVE-2020-0659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0659>)0.0Unknown \n[CVE-2020-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0730>)0.0Unknown \n[CVE-2020-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0703>)0.0Unknown \n[CVE-2020-0701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0701>)0.0Unknown \n[CVE-2020-0728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0728>)0.0Unknown \n[CVE-2020-0729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0729>)0.0Unknown \n[CVE-2020-0704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0704>)0.0Unknown \n[CVE-2020-0705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0705>)0.0Unknown \n[CVE-2020-0707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0707>)0.0Unknown \n[CVE-2020-0722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0722>)0.0Unknown \n[CVE-2020-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0723>)0.0Unknown \n[CVE-2020-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0720>)0.0Unknown \n[CVE-2020-0721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0721>)0.0Unknown \n[CVE-2020-0726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0726>)0.0Unknown \n[CVE-2020-0746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0746>)0.0Unknown \n[CVE-2020-0724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0724>)0.0Unknown \n[CVE-2020-0725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0725>)0.0Unknown \n[CVE-2020-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0662>)0.0Unknown \n[CVE-2020-0661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0661>)0.0Unknown \n[CVE-2020-0747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0747>)0.0Unknown \n[CVE-2020-0667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0667>)0.0Unknown \n[CVE-2020-0666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0666>)0.0Unknown \n[CVE-2020-0665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0665>)0.0Unknown \n[CVE-2020-0740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0740>)0.0Unknown \n[CVE-2020-0669](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0669>)0.0Unknown \n[CVE-2020-0668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0668>)0.0Unknown \n[CVE-2020-0734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0734>)0.0Unknown \n[CVE-2020-0681](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0681>)0.0Unknown \n[CVE-2020-0680](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0680>)0.0Unknown \n[CVE-2020-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0683>)0.0Unknown \n[CVE-2020-0682](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0682>)0.0Unknown \n[CVE-2020-0685](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0685>)0.0Unknown \n[CVE-2020-0672](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0672>)0.0Unknown \n[CVE-2020-0686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0686>)0.0Unknown \n[CVE-2020-0689](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0689>)0.0Unknown \n[CVE-2020-0743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0743>)0.0Unknown \n[CVE-2020-0708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0708>)0.0Unknown \n[CVE-2020-0709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0709>)0.0Unknown \n[CVE-2020-0657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0657>)0.0Unknown \n[CVE-2020-0719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0719>)0.0Unknown \n[CVE-2020-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0732>)0.0Unknown \n[CVE-2020-0750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0750>)0.0Unknown \n[CVE-2020-0717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0717>)0.0Unknown \n[CVE-2020-0716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0716>)0.0Unknown \n[CVE-2020-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0715>)0.0Unknown \n[CVE-2020-0660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0660>)0.0Unknown \n[CVE-2020-0678](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0678>)0.0Unknown \n[CVE-2020-0679](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0679>)0.0Unknown \n[CVE-2020-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0731>)0.0Unknown \n[CVE-2020-0675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0675>)0.0Unknown \n[CVE-2020-0676](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0676>)0.0Unknown \n[CVE-2020-0677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0677>)0.0Unknown \n[CVE-2020-0670](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0670>)0.0Unknown \n[CVE-2020-0671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0671>)0.0Unknown \n[CVE-2020-0737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0737>)0.0Unknown \n[CVE-2020-0753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0753>)0.0Unknown \n[CVE-2020-0752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0752>)0.0Unknown \n[CVE-2020-0751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0751>)0.0Unknown \n[CVE-2020-0655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0655>)0.0Unknown \n[CVE-2020-0757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0757>)0.0Unknown \n[CVE-2020-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0756>)0.0Unknown \n[CVE-2020-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0755>)0.0Unknown \n[CVE-2020-0738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0738>)0.0Unknown \n[CVE-2020-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0735>)0.0Unknown \n[CVE-2020-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0754>)0.0Unknown \n[CVE-2020-0792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0792>)0.0Unknown \n[CVE-2020-0658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0658>)0.0Unknown \n[CVE-2020-0744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0744>)0.0Unknown \n[CVE-2020-0691](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0691>)0.0Unknown \n[CVE-2020-0741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0741>)0.0Unknown \n[CVE-2020-0748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0748>)0.0Unknown \n[CVE-2020-0698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0698>)0.0Unknown \n[CVE-2020-0745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0745>)0.0Unknown \n[CVE-2020-0714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0714>)0.0Unknown \n[CVE-2020-0749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0749>)0.0Unknown \n[CVE-2020-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0818>)0.0Unknown \n[CVE-2020-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0817>)0.0Unknown\n\n### *KB list*:\n[4537821](<http://support.microsoft.com/kb/4537821>) \n[4537776](<http://support.microsoft.com/kb/4537776>) \n[4537794](<http://support.microsoft.com/kb/4537794>) \n[4524244](<http://support.microsoft.com/kb/4524244>) \n[4532693](<http://support.microsoft.com/kb/4532693>) \n[4532691](<http://support.microsoft.com/kb/4532691>) \n[4502496](<http://support.microsoft.com/kb/4502496>) \n[4537762](<http://support.microsoft.com/kb/4537762>) \n[4537764](<http://support.microsoft.com/kb/4537764>) \n[4537789](<http://support.microsoft.com/kb/4537789>) \n[4537803](<http://support.microsoft.com/kb/4537803>) \n[4537814](<http://support.microsoft.com/kb/4537814>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2020-02-11T00:00:00", "id": "KLA11662", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11662", "title": "\r KLA11662Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2020-02-14T09:31:47", "bulletinFamily": "blog", "cvelist": ["CVE-2020-00695", "CVE-2020-0618", "CVE-2020-0655", "CVE-2020-0657", "CVE-2020-0658", "CVE-2020-0659", "CVE-2020-0660", "CVE-2020-0661", "CVE-2020-0662", "CVE-2020-0663", "CVE-2020-0665", "CVE-2020-0666", "CVE-2020-0667", "CVE-2020-0668", "CVE-2020-0669", "CVE-2020-0670", "CVE-2020-0671", "CVE-2020-0672", "CVE-2020-0673", "CVE-2020-0674", "CVE-2020-0675", "CVE-2020-0676", "CVE-2020-0677", "CVE-2020-0678", "CVE-2020-0679", "CVE-2020-0680", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0683", "CVE-2020-0685", "CVE-2020-0686", "CVE-2020-0688", "CVE-2020-0689", "CVE-2020-0691", "CVE-2020-0692", "CVE-2020-0693", "CVE-2020-0694", "CVE-2020-0695", "CVE-2020-0696", "CVE-2020-0697", "CVE-2020-0698", "CVE-2020-0701", "CVE-2020-0702", "CVE-2020-0703", "CVE-2020-0704", "CVE-2020-0705", "CVE-2020-0706", "CVE-2020-0707", "CVE-2020-0708", "CVE-2020-0709", "CVE-2020-0710", "CVE-2020-0711", "CVE-2020-0712", "CVE-2020-0713", "CVE-2020-0714", "CVE-2020-0715", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0719", "CVE-2020-0720", "CVE-2020-0721", "CVE-2020-0722", "CVE-2020-0723", "CVE-2020-0724", "CVE-2020-0725", "CVE-2020-0726", "CVE-2020-0727", "CVE-2020-0728", "CVE-2020-0729", "CVE-2020-0730", "CVE-2020-0731", "CVE-2020-0732", "CVE-2020-0733", "CVE-2020-0734", "CVE-2020-0735", "CVE-2020-0736", "CVE-2020-0737", "CVE-2020-0738", "CVE-2020-0739", "CVE-2020-0740", "CVE-2020-0741", "CVE-2020-0742", "CVE-2020-0743", "CVE-2020-0744", "CVE-2020-0745", "CVE-2020-0746", "CVE-2020-0747", "CVE-2020-0748", "CVE-2020-0749", "CVE-2020-0750", "CVE-2020-0751", "CVE-2020-0752", "CVE-2020-0753", "CVE-2020-0754", "CVE-2020-0755", "CVE-2020-0756", "CVE-2020-0759", "CVE-2020-0766", "CVE-2020-0767"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's [Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb>) covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity. \n \nThis month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player. \n \nTalos released a new set of SNORT\u24c7 rules today that provide coverage for some of these vulnerabilities, which you can see [here](<https://snort.org/advisories/talos-rules-2020-02-11>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 12 critical vulnerabilities this month, all of which we will highlight below. \n \n[CVE-2020-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673>), [CVE-2020-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674>), [CVE-2020-0710](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710>), [CVE-2020-0711](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711>), [CVE-2020-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712>), [CVE-2020-0713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713>) and [CVE-2020-0767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767>) are all memory corruption vulnerabilities in the Microsoft scripting engine that deals with how Internet Explorer handles objects in memory. An attacker could use these vulnerabilities to corrupt memory on the victim machine in a way that would allow them to execute arbitrary code. A user could trigger this bug by visiting an attacker-controlled web page on Internet Explorer that's been specially crafted to exploit this vulnerability. Alternatively, an attacker could embed an ActiveX control marked \"safe for initialization\" in another application or Microsoft Office document that utilizes the Internet Explorer rendering engine and convince the victim to open that file. \n \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681>) and [CVE-2020-0734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734>) are remote code execution vulnerabilities in Remote Desktop Protocol when the user connects to a malicious server. An attacker can exploit these vulnerabilities by hosting a server, and convincing a user to connect to it, likely via social engineering or a man-in-the-middle technique. \n \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662>) is a remote code execution vulnerability in Windows 10 and some versions of Windows Server that exists in the way the software handles objects in memory. If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with elevated permissions on the victim machine. The attacker would need a domain user account, and then create a specially crafted request. \n \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729>) is a remote code execution vulnerability in Windows that could allow an attacker to remotely execute code if Windows processes a specially crafted .LNK file. An adversary could exploit this vulnerability by sending the user a removable drive or remote share containing a malicious .LNK file and an associated malicious binary. If the user opens the file in Windows Explorer or another application that parses .LNK files, the binary will execute code of the attacker's choice. \n \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738>) is a memory corruption vulnerability in Windows Media Foundation that exists in the way the software handles objects in memory. An attacker could exploit this bug by convincing the user to open a specially crafted, malicious file or web page, which would corrupt memory in a way the attacker could then install programs, manipulate user data or create new user accounts on the victim machine. \n\n\n### Important vulnerabilities\n\nThis release also contains 84 important vulnerabilities: \n \n\n\n * [CVE-2020-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618>)\n * [CVE-2020-0655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655>)\n * [CVE-2020-0657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0657>)\n * [CVE-2020-0658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0658>)\n * [CVE-2020-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0659>)\n * [CVE-2020-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0660>)\n * [CVE-2020-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661>)\n * [CVE-2020-0663](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0663>)\n * [CVE-2020-0665](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665>)\n * [CVE-2020-0666](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666>)\n * [CVE-2020-0667](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0667>)\n * [CVE-2020-0668](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668>)\n * [CVE-2020-0669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0669>)\n * [CVE-2020-0670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0670>)\n * [CVE-2020-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0671>)\n * [CVE-2020-0672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0672>)\n * [CVE-2020-0675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675>)\n * [CVE-2020-0676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676>)\n * [CVE-2020-0677](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0677>)\n * [CVE-2020-0678](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0678>)\n * [CVE-2020-0679](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0679>)\n * [CVE-2020-0680](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0680>)\n * [CVE-2020-0682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0682>)\n * [CVE-2020-0683](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683>)\n * [CVE-2020-0685](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0685>)\n * [CVE-2020-0686](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0686>)\n * [CVE-2020-0688](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688>)\n * [CVE-2020-0689](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0689>)\n * [CVE-2020-0691](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0691>)\n * [CVE-2020-0692](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692>)\n * [CVE-2020-0694](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0694>)\n * [CVE-2020-0695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-00695>)\n * [CVE-2020-0696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696>)\n * [CVE-2020-0697](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697>)\n * [CVE-2020-0698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0698>)\n * [CVE-2020-0701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0701>)\n * [CVE-2020-0703](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0703>)\n * [CVE-2020-0704](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0704>)\n * [CVE-2020-0705](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0705>)\n * [CVE-2020-0706](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0706>)\n * [CVE-2020-0707](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0707>)\n * [CVE-2020-0708](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0708>)\n * [CVE-2020-0709](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0709>)\n * [CVE-2020-0714](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0714>)\n * [CVE-2020-0715](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0715>)\n * [CVE-2020-0716](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0716>)\n * [CVE-2020-0717](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0717>)\n * [CVE-2020-0719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0719>)\n * [CVE-2020-0720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0720>)\n * [CVE-2020-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0721>)\n * [CVE-2020-0722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0722>)\n * [CVE-2020-0723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0723>)\n * [CVE-2020-0724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0724>)\n * [CVE-2020-0725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0725>)\n * [CVE-2020-0726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0726>)\n * [CVE-2020-0727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0727>)\n * [CVE-2020-0728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728>)\n * [CVE-2020-0730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0730>)\n * [CVE-2020-0731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0731>)\n * [CVE-2020-0732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0732>)\n * [CVE-2020-0733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733>)\n * [CVE-2020-0735](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0735>)\n * [CVE-2020-0736](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0736>)\n * [CVE-2020-0737](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0737>)\n * [CVE-2020-0739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0739>)\n * [CVE-2020-0740](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740>)\n * [CVE-2020-0741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0741>)\n * [CVE-2020-0742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0742>)\n * [CVE-2020-0743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0743>)\n * [CVE-2020-0744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744>)\n * [CVE-2020-0745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0745>)\n * [CVE-2020-0746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0746>)\n * [CVE-2020-0747](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0747>)\n * [CVE-2020-0748](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0748>)\n * [CVE-2020-0749](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0749>)\n * [CVE-2020-0750](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0750>)\n * [CVE-2020-0751](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751>)\n * [CVE-2020-0752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0752>)\n * [CVE-2020-0753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0753>)\n * [CVE-2020-0754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0754>)\n * [CVE-2020-0755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0755>)\n * [CVE-2020-0756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0756>)\n * [CVE-2020-0759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0759>)\n * [CVE-2020-0766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766>)\n * [CVE-2020-0693](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693>) \n * [CVE-2020-0702](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 48701, 48702, 53050 - 53056, 53061, 53072, 53073, 53079 - 53089\n\n", "modified": "2020-02-13T08:22:46", "published": "2020-02-13T08:22:46", "id": "TALOSBLOG:EA0E0FACD93EAC05E55A6C64CC82F3F6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/CHB5rchyPEo/microsoft-patch-tuesday-feb-2020.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Feb. 2020: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}