A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
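An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. Exploitation therefore requires user interaction: the record's CVSS v3.1 vector is AV:L/UI:R, even though the issue is classed as remote code execution.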
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
{"id": "MS:CVE-2020-0994", "bulletinFamily": "microsoft", "title": "Jet Database Engine Remote Code Execution Vulnerability", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "published": "2020-04-14T07:00:00", "modified": "2020-04-22T07:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0994", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-0994"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:11", "edition": 1, "viewCount": 8, "enchantments": {"backreferences": {"references": [{"idList": 
["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["AVLEONOV:6A714F9BC2BBE696D3586B2629169491"], "type": "avleonov"}, {"idList": ["ZDI-20-457"], "type": "zdi"}, {"idList": ["SMB_NT_MS20_APR_4550951.NASL", "SMB_NT_MS20_APR_4550929.NASL", "SMB_NT_MS20_APR_4549949.NASL", "SMB_NT_MS20_APR_4550917.NASL", "SMB_NT_MS20_APR_4550930.NASL", "SMB_NT_MS20_APR_4550927.NASL", "SMB_NT_MS20_APR_4550922.NASL", "SMB_NT_MS20_APR_4550964.NASL", "SMB_NT_MS20_APR_4550961.NASL", "SMB_NT_MS20_APR_4549951.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310816830", "OPENVAS:1361412562310816823", "OPENVAS:1361412562310816824", "OPENVAS:1361412562310816829", "OPENVAS:1361412562310816826", "OPENVAS:1361412562310816828", "OPENVAS:1361412562310816827", "OPENVAS:1361412562310816825"], "type": "openvas"}, {"idList": ["CVE-2020-0994"], "type": "cve"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["KB4550964"], "type": "mskb"}, {"idList": ["KLA11744", "KLA11743"], "type": "kaspersky"}]}, "dependencies": {"references": [{"idList": ["AVLEONOV:6A714F9BC2BBE696D3586B2629169491"], "type": "avleonov"}, {"idList": ["ZDI-20-457"], "type": "zdi"}, {"idList": ["SMB_NT_MS20_APR_4550951.NASL", "SMB_NT_MS20_APR_4550929.NASL", "SMB_NT_MS20_APR_4549949.NASL", "SMB_NT_MS20_APR_4550917.NASL", "SMB_NT_MS20_APR_4550930.NASL", "SMB_NT_MS20_APR_4550927.NASL", "SMB_NT_MS20_APR_4550922.NASL", "SMB_NT_MS20_APR_4550964.NASL", "SMB_NT_MS20_APR_4550961.NASL", "SMB_NT_MS20_APR_4549951.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310816830", "OPENVAS:1361412562310816823", "OPENVAS:1361412562310816824", "OPENVAS:1361412562310816829", "OPENVAS:1361412562310816826", "OPENVAS:1361412562310816828", "OPENVAS:1361412562310816827", "OPENVAS:1361412562310816825"], "type": "openvas"}, {"idList": ["KB4550930"], "type": "mskb"}, {"idList": ["CVE-2020-0992", "CVE-2020-1008", "CVE-2020-0959", "CVE-2020-0953", "CVE-2020-0988", "CVE-2020-0999", 
"CVE-2020-0995", "CVE-2020-0960", "CVE-2020-0889", "CVE-2020-0994"], "type": "cve"}, {"idList": ["KLA11744", "KLA11743"], "type": "kaspersky"}]}, "exploitation": null, "score": {"value": 4.4, "vector": "NONE"}, "vulnersScore": 4.4}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "f7de2530c1fafa78e7e14cba966c22d1"}, "kbList": ["KB4549949", "KB4550929", "KB4538461", "KB4540670", "KB4550964", "KB4541506", "KB4541509", "KB4540673", "KB4550922", "KB4540681", "KB4550961", "KB4540693", "KB4550965", "KB4550930", "KB4550917", "KB4541510", "KB4540689", "KB4540688", "KB4550951", "KB4550970", "KB4550957", "KB4549951", "KB4550927", "KB4550971"], "msrc": "", "mscve": "CVE-2020-0994", "msAffectedSoftware": [{"kb": "KB4550964", "kbSupersedence": "KB4540688", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550961", "kbSupersedence": "KB4541509", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550964", "kbSupersedence": "KB4540688", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550964", "kbSupersedence": "KB4540688", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550970", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550929", "kbSupersedence": "KB4540670", "msplatform": "", "name": "windows 10 version 1607 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550965", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": 
"KB4540673", "msplatform": "", "name": "windows 10 version 1909 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550964", "kbSupersedence": "KB4540688", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550951", "kbSupersedence": "KB4541506", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549949", "kbSupersedence": "KB4538461", "msplatform": "", "name": "windows server 2019 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550957", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550917", "kbSupersedence": "KB4541510", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550961", "kbSupersedence": "KB4541509", "msplatform": "", "name": "windows server 2012 r2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550957", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows 10 version 1909 for arm64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550957", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550927", "kbSupersedence": "KB4540681", "msplatform": "", "name": "windows 10 version 1709 for arm64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550970", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, 
{"kb": "KB4550961", "kbSupersedence": "KB4541509", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549949", "kbSupersedence": "KB4538461", "msplatform": "", "name": "windows 10 version 1809 for arm64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows server, version 1903 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550927", "kbSupersedence": "KB4540681", "msplatform": "", "name": "windows 10 version 1709 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550957", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550971", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows 10 version 1903 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows 10 version 1903 for arm64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550970", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550922", "kbSupersedence": "KB4540689", "msplatform": "", "name": "windows 10 version 1803 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550922", "kbSupersedence": "KB4540689", "msplatform": "", "name": "windows server, version 1803 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550951", "kbSupersedence": "KB4541506", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "lt", "version": 
"2020-Apr"}, {"kb": "KB4550929", "kbSupersedence": "KB4540670", "msplatform": "", "name": "windows server 2016", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows 10 version 1909 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550970", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550927", "kbSupersedence": "KB4540681", "msplatform": "", "name": "windows 10 version 1709 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550917", "kbSupersedence": "KB4541510", "msplatform": "", "name": "windows server 2012", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550951", "kbSupersedence": "KB4541506", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550922", "kbSupersedence": "KB4540689", "msplatform": "", "name": "windows 10 version 1803 for arm64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550922", "kbSupersedence": "KB4540689", "msplatform": "", "name": "windows 10 version 1803 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows 10 version 1903 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550965", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550961", "kbSupersedence": "KB4541509", "msplatform": "", "name": "windows rt 8.1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550965", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549949", "kbSupersedence": 
"KB4538461", "msplatform": "", "name": "windows 10 version 1809 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550930", "kbSupersedence": "KB4540693", "msplatform": "", "name": "windows 10 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549949", "kbSupersedence": "KB4538461", "msplatform": "", "name": "windows server 2019", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550965", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549949", "kbSupersedence": "KB4538461", "msplatform": "", "name": "windows 10 version 1809 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4549951", "kbSupersedence": "KB4540673", "msplatform": "", "name": "windows server, version 1909 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550961", "kbSupersedence": "KB4541509", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550951", "kbSupersedence": "KB4541506", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550930", "kbSupersedence": "KB4540693", "msplatform": "", "name": "windows 10 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550971", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550929", "kbSupersedence": "KB4540670", "msplatform": "", "name": "windows 10 version 1607 for 32-bit systems", "operator": "lt", "version": "2020-Apr"}, {"kb": "KB4550929", "kbSupersedence": "KB4540670", "msplatform": "", "name": "windows server 2016 (server core installation)", "operator": "lt", "version": "2020-Apr"}], "vendorCvss": {"baseScore": "7.0", "temporalScore": "6.3", 
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}
{"mskb": [{"lastseen": "2023-01-11T10:58:01", "description": "None\nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Security updates to the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Core Networking, Windows Update Stack, and the Microsoft JET Database Engine.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nDevices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store.| This issue is resolved in KB4556826. 
\n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4540721) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4550930>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4550930](<https://download.microsoft.com/download/c/7/1/c71d025d-650a-44a6-b860-60fef4e17cf6/4550930.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T07:00:00", "type": "mskb", "title": "April 14, 2020\u2014KB4550930 (OS Build 10240.18545)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0994"], "modified": "2020-04-14T07:00:00", "id": "KB4550930", "href": "https://support.microsoft.com/en-us/help/4550930", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T22:07:12", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database engine. Crafted data in an MDB file can trigger a write past the end of an allocated buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "zdi", "title": "Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0994"], "modified": "2020-04-15T00:00:00", "id": "ZDI-20-457", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-457/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:48:48", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0992", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0992", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:51", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0995", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0995", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:42", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0988", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0988", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:46:42", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0889", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0889", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0889", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:47:58", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0953", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0953", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:06", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0959", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0959", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0959", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:08", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0960", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0960", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:50", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0994", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0994", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:48:57", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-0999", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0999", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T11:50:26", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T15:15:00", "type": "cve", "title": "CVE-2020-1008", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0889", "CVE-2020-0953", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1008"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-1008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1008", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}], "nessus": [{"lastseen": "2023-01-11T15:11:06", "description": "The remote Windows host is missing security update 4550957 or cumulative update 4550951. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0957, CVE-2020-0958)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0946)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1007)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. 
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. 
The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0964)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550957: Windows Server 2008 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0938", "CVE-2020-0946", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0957", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0982", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1014", "CVE-2020-1020", "CVE-2020-1027"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550951.NASL", "href": "https://www.tenable.com/plugins/nessus/135470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in 
this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135470);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0938\",\n \"CVE-2020-0946\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0957\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0982\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1014\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\"\n );\n script_xref(name:\"MSKB\", value:\"4550957\");\n script_xref(name:\"MSKB\", value:\"4550951\");\n script_xref(name:\"MSFT\", value:\"MS20-4550957\");\n script_xref(name:\"MSFT\", value:\"MS20-4550951\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550957: Windows Server 2008 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550957\nor cumulative update 4550951. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0957, CVE-2020-0958)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0946)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1007)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. 
An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
(CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1000)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0964)\");\n # https://support.microsoft.com/en-us/help/4550957/windows-server-2008-update-kb4550957\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e700ec83\");\n # https://support.microsoft.com/en-us/help/4550951/windows-server-2008-update-kb4550951\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9a49f43\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4550957 or Cumulative Update KB4550951.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550951', '4550957');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550951, 4550957])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:12:12", "description": "The remote Windows host is missing security update 4550971 or cumulative update 4550917. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550971: Windows Server 2012 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", 
"CVE-2020-0936", "CVE-2020-0938", "CVE-2020-0946", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0982", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1020", "CVE-2020-1027"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550917.NASL", "href": "https://www.tenable.com/plugins/nessus/135465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135465);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0821\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0936\",\n \"CVE-2020-0938\",\n \"CVE-2020-0946\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0982\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n 
\"CVE-2020-1016\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\"\n );\n script_xref(name:\"MSKB\", value:\"4550971\");\n script_xref(name:\"MSKB\", value:\"4550917\");\n script_xref(name:\"MSFT\", value:\"MS20-4550971\");\n script_xref(name:\"MSFT\", value:\"MS20-4550917\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550971: Windows Server 2012 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550971\nor cumulative update 4550917. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. 
For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-1000)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\");\n # https://support.microsoft.com/en-us/help/4550971/windows-server-2012-update-kb4550971\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d8c500e\");\n # https://support.microsoft.com/en-us/help/4550917/windows-server-2012-update-kb4550917\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba6a0797\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4550971 or Cumulative Update KB4550917.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550971', '4550917');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n 
rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550971, 4550917])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:10:37", "description": "The remote Windows host is missing security update 4550970 or cumulative update 4550961. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. 
(CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. 
(CVE-2020-0955)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550970: Windows 8.1 and Windows Server 2012 R2 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0936", "CVE-2020-0938", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0982", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550961.NASL", "href": "https://www.tenable.com/plugins/nessus/135471", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135471);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0821\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0936\",\n \"CVE-2020-0938\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0982\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4550961\");\n script_xref(name:\"MSKB\", value:\"4550970\");\n script_xref(name:\"MSFT\", value:\"MS20-4550961\");\n script_xref(name:\"MSFT\", value:\"MS20-4550970\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550970: Windows 8.1 and Windows Server 2012 R2 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550970\nor cumulative update 4550961. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0945,\n CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. 
The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. 
(CVE-2020-0955)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4550970/windows-8-1-kb4550970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4550961/windows-8-1-kb4550961\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4550970 or Cumulative Update KB4550961.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550961', '4550970');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550961, 4550970])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:12:13", "description": "The remote Windows host is missing security update 4550965 or cumulative update 4550964. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. 
An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0957, CVE-2020-0958)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550965: Windows 7 and Windows Server 2008 R2 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", 
"CVE-2020-0907", "CVE-2020-0938", "CVE-2020-0946", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0957", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0982", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550964.NASL", "href": "https://www.tenable.com/plugins/nessus/135472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135472);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0821\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0938\",\n \"CVE-2020-0946\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0957\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0982\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1014\",\n 
\"CVE-2020-1015\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4550964\");\n script_xref(name:\"MSKB\", value:\"4550965\");\n script_xref(name:\"MSFT\", value:\"MS20-4550964\");\n script_xref(name:\"MSFT\", value:\"MS20-4550965\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550965: Windows 7 and Windows Server 2008 R2 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550965\nor cumulative update 4550964. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. 
The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. 
(CVE-2020-0938, CVE-2020-1020)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1000)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0957, CVE-2020-0958)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. 
(CVE-2020-0955)\");\n # https://support.microsoft.com/en-us/help/4550964/windows-7-update-kb4550964\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c90e16d\");\n # https://support.microsoft.com/en-us/help/4550965/windows-7-update-kb4550965\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d52628ac\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4550965 or Cumulative Update KB4550964.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550964', '4550965');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550964, 4550965])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:11:07", "description": "The remote Windows host is missing security update 4550930.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0962)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0937, CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. 
The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1003)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011) \n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0969)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550930: Windows 10 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0784", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0982", 
"CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550930.NASL", "href": "https://www.tenable.com/plugins/nessus/135469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135469);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0784\",\n \"CVE-2020-0821\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n 
\"CVE-2020-1016\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"MSKB\", value:\"4550930\");\n script_xref(name:\"MSFT\", value:\"MS20-4550930\");\n script_xref(name:\"IAVA\", value:\"2020-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550930: Windows 10 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550930.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. 
An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. 
The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1003)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. 
(CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n \n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-0969)\");\n # https://support.microsoft.com/en-us/help/4550930/windows-10-update-kb4550930\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b9dba94\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4550930.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550930');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550930])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:11:05", "description": "The remote Windows host is missing security update 4550929.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0962)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-0940, CVE-2020-1006, CVE-2020-1017)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000, CVE-2020-1003)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0937, CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. 
(CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. 
An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011) \n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0969)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550929: Windows 10 Version 1607 and Windows Server 2016 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0784", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", 
"CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550929.NASL", "href": "https://www.tenable.com/plugins/nessus/135468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135468);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0784\",\n \"CVE-2020-0821\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0940\",\n \"CVE-2020-0942\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1006\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n \"CVE-2020-1017\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"IAVA\", 
value:\"2020-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4550929\");\n script_xref(name:\"MSFT\", value:\"MS20-4550929\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550929: Windows 10 Version 1607 and Windows Server 2016 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550929.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0962)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-0940,\n CVE-2020-1006, CVE-2020-1017)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. 
(CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1000, CVE-2020-1003)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. 
(CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. 
An attacker who\n successfully exploited this vulnerability could\n overwrite files in arbitrary locations with elevated\n permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. 
An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n \n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. 
The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0969)\");\n # https://support.microsoft.com/en-us/help/4550929/windows-10-update-kb4550929\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?24b003af\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4550929.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550929');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550929])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:10:04", "description": "The remote Windows host is missing security update 4550927.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. 
An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. 
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000, CVE-2020-1003)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-0937, CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi- master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
(CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-0940, CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0969)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550927: Windows 10 Version 1709 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0699", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0821", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", 
"CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550927.NASL", "href": "https://www.tenable.com/plugins/nessus/135467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135467);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0699\",\n \"CVE-2020-0784\",\n \"CVE-2020-0794\",\n \"CVE-2020-0821\",\n \"CVE-2020-0888\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0940\",\n \"CVE-2020-0942\",\n \"CVE-2020-0944\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1001\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1006\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n 
\"CVE-2020-1017\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1029\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"MSKB\", value:\"4550927\");\n script_xref(name:\"MSFT\", value:\"MS20-4550927\");\n script_xref(name:\"IAVA\", value:\"2020-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550927: Windows 10 Version 1709 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550927.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. 
The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1000, CVE-2020-1003)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. 
For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could\n overwrite files in arbitrary locations with elevated\n permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-0940,\n CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-0969)\");\n # https://support.microsoft.com/en-us/help/4550927/windows-10-update-kb4550927\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2c839d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4550927.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550927');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550927])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:11:39", "description": "The remote Windows host is missing security update 4550922.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege 
vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. 
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-0937, CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-0940, CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0969, CVE-2020-0970)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4550922: Windows 10 Version 1803 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0699", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0821", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0913", "CVE-2020-0934", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", 
"CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0970", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0996", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4550922.NASL", "href": "https://www.tenable.com/plugins/nessus/135466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135466);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0699\",\n \"CVE-2020-0784\",\n \"CVE-2020-0794\",\n \"CVE-2020-0821\",\n \"CVE-2020-0888\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0913\",\n \"CVE-2020-0934\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0940\",\n \"CVE-2020-0942\",\n \"CVE-2020-0944\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0970\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n 
\"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0996\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1001\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1006\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n \"CVE-2020-1017\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1029\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"MSKB\", value:\"4550922\");\n script_xref(name:\"MSFT\", value:\"MS20-4550922\");\n script_xref(name:\"IAVA\", value:\"2020-A-0156-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0157-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4550922: Windows 10 Version 1803 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4550922.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. 
An attacker who\n successfully exploited this vulnerability could\n overwrite files in arbitrary locations with elevated\n permissions. (CVE-2020-0942)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. 
For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. 
(CVE-2020-0955)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-0940,\n CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-0969, \n CVE-2020-0970)\");\n # https://support.microsoft.com/en-us/help/4550922/windows-10-update-kb4550922\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f6f3b84\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4550922.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4550922');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4550922])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:11:07", "description": "The remote Windows host is missing security update 4549949.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0937, CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-0910)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1094)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. 
An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-0940, CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-0917, CVE-2020-0918)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0969, CVE-2020-0970)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4549949: Windows 10 Version 1809 and Windows Server 2019 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0699", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0821", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0910", "CVE-2020-0913", "CVE-2020-0917", "CVE-2020-0918", "CVE-2020-0934", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0970", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", 
"CVE-2020-0996", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4549949.NASL", "href": "https://www.tenable.com/plugins/nessus/135463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135463);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0699\",\n \"CVE-2020-0784\",\n \"CVE-2020-0794\",\n \"CVE-2020-0821\",\n \"CVE-2020-0888\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0910\",\n \"CVE-2020-0913\",\n \"CVE-2020-0917\",\n \"CVE-2020-0918\",\n \"CVE-2020-0934\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0940\",\n \"CVE-2020-0942\",\n \"CVE-2020-0944\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0970\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n \"CVE-2020-0987\",\n \"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n 
\"CVE-2020-0996\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1001\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1006\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n \"CVE-2020-1017\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1029\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4549949\");\n script_xref(name:\"MSFT\", value:\"MS20-4549949\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4549949: Windows 10 Version 1809 and Windows Server 2019 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4549949.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. 
An attacker who\n successfully exploited this vulnerability could\n overwrite files in arbitrary locations with elevated\n permissions. (CVE-2020-0942)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0945, CVE-2020-0946)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. 
For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-0910)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. 
(CVE-2020-0955)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-0940,\n CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-0917,\n CVE-2020-0918)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0969, \n CVE-2020-0970)\");\n # https://support.microsoft.com/en-us/help/4549949/windows-10-update-kb4549949\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3387c2f7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4549949.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4549949');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4549949])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 
hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:10:06", "description": "The remote Windows host is missing security update 4549951.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. (CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
(CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)\n\n - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1009)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0948, CVE-2020-0949, CVE-2020-0950)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-0910)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. The update addresses the vulnerability by correcting how Windows handles token relationships (CVE-2020-0981)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions. 
(CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-0940, CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. (CVE-2020-0917, CVE-2020-0918)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)\n\n - A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows System Assessment Tool handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0969, CVE-2020-0970)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "KB4549951: Windows 10 Version 1903 and Windows 10 Version 1909 April 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0699", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0821", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0910", "CVE-2020-0913", "CVE-2020-0917", "CVE-2020-0918", "CVE-2020-0934", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0939", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0947", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0970", "CVE-2020-0981", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", 
"CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0996", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1094"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_APR_4549951.NASL", "href": "https://www.tenable.com/plugins/nessus/135464", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135464);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0687\",\n \"CVE-2020-0699\",\n \"CVE-2020-0784\",\n \"CVE-2020-0794\",\n \"CVE-2020-0821\",\n \"CVE-2020-0888\",\n \"CVE-2020-0889\",\n \"CVE-2020-0895\",\n \"CVE-2020-0907\",\n \"CVE-2020-0910\",\n \"CVE-2020-0913\",\n \"CVE-2020-0917\",\n \"CVE-2020-0918\",\n \"CVE-2020-0934\",\n \"CVE-2020-0936\",\n \"CVE-2020-0937\",\n \"CVE-2020-0938\",\n \"CVE-2020-0939\",\n \"CVE-2020-0940\",\n \"CVE-2020-0942\",\n \"CVE-2020-0944\",\n \"CVE-2020-0945\",\n \"CVE-2020-0946\",\n \"CVE-2020-0947\",\n \"CVE-2020-0948\",\n \"CVE-2020-0949\",\n \"CVE-2020-0950\",\n \"CVE-2020-0952\",\n \"CVE-2020-0953\",\n \"CVE-2020-0955\",\n \"CVE-2020-0956\",\n \"CVE-2020-0958\",\n \"CVE-2020-0959\",\n \"CVE-2020-0960\",\n \"CVE-2020-0962\",\n \"CVE-2020-0964\",\n \"CVE-2020-0965\",\n \"CVE-2020-0966\",\n \"CVE-2020-0967\",\n \"CVE-2020-0968\",\n \"CVE-2020-0969\",\n \"CVE-2020-0970\",\n \"CVE-2020-0981\",\n \"CVE-2020-0982\",\n \"CVE-2020-0983\",\n \"CVE-2020-0985\",\n \"CVE-2020-0987\",\n 
\"CVE-2020-0988\",\n \"CVE-2020-0992\",\n \"CVE-2020-0993\",\n \"CVE-2020-0994\",\n \"CVE-2020-0995\",\n \"CVE-2020-0996\",\n \"CVE-2020-0999\",\n \"CVE-2020-1000\",\n \"CVE-2020-1001\",\n \"CVE-2020-1003\",\n \"CVE-2020-1004\",\n \"CVE-2020-1005\",\n \"CVE-2020-1006\",\n \"CVE-2020-1007\",\n \"CVE-2020-1008\",\n \"CVE-2020-1009\",\n \"CVE-2020-1011\",\n \"CVE-2020-1014\",\n \"CVE-2020-1015\",\n \"CVE-2020-1016\",\n \"CVE-2020-1017\",\n \"CVE-2020-1020\",\n \"CVE-2020-1027\",\n \"CVE-2020-1029\",\n \"CVE-2020-1094\"\n );\n script_xref(name:\"MSKB\", value:\"4549951\");\n script_xref(name:\"MSFT\", value:\"MS20-4549951\");\n script_xref(name:\"IAVA\", value:\"2020-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0031\");\n\n script_name(english:\"KB4549951: Windows 10 Version 1903 and Windows 10 Version 1909 April 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4549951.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0985, CVE-2020-0996)\n\n - An elevation of privilege vulnerability exists when a\n Windows scheduled task improperly handles file\n redirections. An attacker who successfully exploited\n this vulnerability could delete a targeted file they\n would not have permissions to. 
(CVE-2020-0936)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0821, CVE-2020-1007)\n\n - An elevation of privilege vulnerability exists when the\n Windows WpcDesktopMonSvc improperly manages memory.\n (CVE-2020-0934)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0968)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0699, CVE-2020-0962)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959,\n CVE-2020-0960, CVE-2020-0988, CVE-2020-0992,\n CVE-2020-0994, CVE-2020-0995, CVE-2020-0999,\n CVE-2020-1008)\n\n - A remoted code execution vulnerability exists in the way\n that Microsoft Windows Codecs Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code. 
Exploitation\n of the vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2020-0965)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0944, CVE-2020-1029)\n\n - An elevation of privilege vulnerability exists in the\n way that the Microsoft Store Install Service handles\n file operations in protected locations. An attacker who\n successfully exploited the vulnerability could execute\n code with elevated permissions. (CVE-2020-1009)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles a specially-crafted multi-\n master font - Adobe Type 1 PostScript format. For all\n systems except Windows 10, an attacker who successfully\n exploited the vulnerability could execute code remotely.\n For systems running Windows 10, an attacker who\n successfully exploited the vulnerability could execute\n code in an AppContainer sandbox context with limited\n privileges and capabilities. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as convincing a user to open a\n specially crafted document or viewing it in the Windows\n Preview pane. 
The update addresses the vulnerability by\n correcting how the Windows Adobe Type Manager Library\n handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0948,\n CVE-2020-0949, CVE-2020-0950)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-0937,\n CVE-2020-0939, CVE-2020-0945, CVE-2020-0946,\n CVE-2020-0947)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2020-0910)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1027)\n\n - A security feature bypass vulnerability exists when\n Windows fails to properly handle token relationships. An\n attacker who successfully exploited the vulnerability\n could allow an application with a certain integrity\n level to execute code at a different integrity level,\n leading to a sandbox escape. 
The update addresses the\n vulnerability by correcting how Windows handles token\n relationships (CVE-2020-0981)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1094)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory. An attacker who successfully exploited\n the vulnerability could read privileged data across\n trust boundaries. (CVE-2020-0955)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could\n overwrite files in arbitrary locations with elevated\n permissions. (CVE-2020-0942)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0687)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1014)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. 
An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2020-0794)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-0907)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1004)\n\n - An elevation of privilege vulnerability exists in the\n way that the User-Mode Power Service (UMPS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1015)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0983)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-0940,\n CVE-2020-1001, CVE-2020-1006, CVE-2020-1017)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0956, CVE-2020-0958)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0982,\n CVE-2020-0987, CVE-2020-1005)\n\n - An information disclosure vulnerability exists when the\n Windows Push Notification Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An authenticated\n attacker could exploit this vulnerability by running a\n specially crafted application. The update addresses the\n vulnerability by correcting how the Windows Push\n Notification Service handles objects in memory.\n (CVE-2020-1016)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0895, CVE-2020-0966,\n CVE-2020-0967)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n handle objects in memory. An attacker who successfully\n exploited these vulnerabilities could gain elevated\n privileges on a target operating system. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. 
The update addresses\n the vulnerabilities by correcting how Windows Hyper-V\n handles objects in memory. (CVE-2020-0917,\n CVE-2020-0918)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0952)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0913, CVE-2020-1000, CVE-2020-1003)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0784, CVE-2020-0888)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0964)\n\n - A denial of service vulnerability exists in Windows DNS\n when it fails to properly handle queries. 
An attacker\n who successfully exploited this vulnerability could\n cause the DNS service to become nonresponsive.\n (CVE-2020-0993)\n\n - An elevation of privilege vulnerability exists when the\n Windows System Assessment Tool improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows System Assessment Tool\n handles file operations. (CVE-2020-1011)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-0969, \n CVE-2020-0970)\");\n # https://support.microsoft.com/en-us/help/4549951/windows-10-update-kb4549951\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?084a5389\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4549951.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1008\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1020\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-04\";\nkbs = make_list('4549951');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4549951])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"04_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4549951])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4550964", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550964)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0967", "CVE-2020-0962", "CVE-2020-0687", 
"CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0958", "CVE-2020-0987", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0959", "CVE-2020-0956", "CVE-2020-0953", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0993", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-1000", "CVE-2020-1011", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-0957", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816823", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816823\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0821\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0938\", \"CVE-2020-0946\", \"CVE-2020-0952\", \"CVE-2020-0953\",\n \"CVE-2020-0955\", \"CVE-2020-0956\", \"CVE-2020-0957\", \"CVE-2020-0958\",\n \"CVE-2020-0959\", \"CVE-2020-0960\", \"CVE-2020-0962\", \"CVE-2020-0964\",\n \"CVE-2020-0965\", \"CVE-2020-0966\", \"CVE-2020-0967\", \"CVE-2020-0968\",\n \"CVE-2020-0982\", \"CVE-2020-0987\", \"CVE-2020-0988\", \"CVE-2020-0992\",\n \"CVE-2020-0993\", \"CVE-2020-0994\", \"CVE-2020-0995\", \"CVE-2020-0999\",\n \"CVE-2020-1000\", \"CVE-2020-1004\", \"CVE-2020-1005\", \"CVE-2020-1007\",\n \"CVE-2020-1008\", \"CVE-2020-1009\", \"CVE-2020-1011\", \"CVE-2020-1014\",\n \"CVE-2020-1015\", \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1094\",\n \"CVE-2020-0907\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4550964)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4550964\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - An error when the Windows kernel improperly handles objects in memory.\n\n - Multiple 
errors in the way Microsoft Graphics Components handle objects in\n memory.\n\n - Multiple errors when the Windows Jet Database Engine improperly handles\n objects in memory.\n\n - An error in Windows DNS when it fails to properly handle queries.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows an attacker\n to execute arbitrary code on a victim system, disclose sensitive information,\n conduct denial-of-service condition and gain elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550964\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Win32k.sys\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24551\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24551\");\n 
security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:58", "description": "This host is missing a critical security\n update according to Microsoft KB4550961", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550961)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0958", "CVE-2020-0987", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0959", "CVE-2020-0956", "CVE-2020-0953", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-1003", "CVE-2020-1011", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816824", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816824\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0821\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0907\", \"CVE-2020-0936\", \"CVE-2020-0938\", \"CVE-2020-0945\",\n \"CVE-2020-0946\", \"CVE-2020-0952\", \"CVE-2020-0953\", \"CVE-2020-0955\",\n \"CVE-2020-0956\", \"CVE-2020-0958\", \"CVE-2020-0959\", \"CVE-2020-0960\",\n \"CVE-2020-0962\", \"CVE-2020-0964\", \"CVE-2020-0965\", \"CVE-2020-0966\",\n \"CVE-2020-0967\", \"CVE-2020-0968\", \"CVE-2020-0982\", \"CVE-2020-0987\",\n \"CVE-2020-0988\", \"CVE-2020-0992\", \"CVE-2020-0993\", \"CVE-2020-0994\",\n \"CVE-2020-0995\", \"CVE-2020-0999\", \"CVE-2020-1003\", \"CVE-2020-1004\",\n \"CVE-2020-1005\", \"CVE-2020-1007\", \"CVE-2020-1008\", \"CVE-2020-1009\",\n \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\", \"CVE-2020-1016\",\n \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4550961)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4550961\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the way that the 
scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the win32k component improperly provides kernel information.\n\n - An error when the Windows GDI component improperly discloses the contents of its\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows an attacker\n to execute arbitrary code on a victim system, disclose sensitive information,\n conduct denial-of-service condition and gain elevated privileges.\");\n\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64-based systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550961\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Urlmon.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_is_less(version:sysVer, test_version:\"11.0.9600.19678\")) {\n report 
= report_fixed_ver(file_checked:sysPath + \"\\Urlmon.dll\",\n file_version:sysVer, vulnerable_range:\"Less than 11.0.9600.19678\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4550930", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550930)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0987", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0959", "CVE-2020-0956", "CVE-2020-0949", "CVE-2020-0953", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1011", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816826", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816826\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0784\", \"CVE-2020-0821\", \"CVE-2020-0889\",\n \"CVE-2020-0895\", \"CVE-2020-0907\", \"CVE-2020-0936\", \"CVE-2020-0937\",\n \"CVE-2020-0938\", \"CVE-2020-0945\", \"CVE-2020-0946\", \"CVE-2020-0948\",\n \"CVE-2020-0949\", \"CVE-2020-0950\", \"CVE-2020-0952\", \"CVE-2020-0953\",\n \"CVE-2020-0955\", \"CVE-2020-0956\", \"CVE-2020-0958\", \"CVE-2020-0959\",\n \"CVE-2020-0960\", \"CVE-2020-0962\", \"CVE-2020-0964\", \"CVE-2020-0965\",\n \"CVE-2020-0966\", \"CVE-2020-0967\", \"CVE-2020-0968\", \"CVE-2020-0969\",\n \"CVE-2020-0982\", \"CVE-2020-0983\", \"CVE-2020-0985\", \"CVE-2020-0987\",\n \"CVE-2020-0988\", \"CVE-2020-0992\", \"CVE-2020-0993\", \"CVE-2020-0994\",\n \"CVE-2020-0995\", \"CVE-2020-0999\", \"CVE-2020-1003\", \"CVE-2020-1004\",\n \"CVE-2020-1005\", \"CVE-2020-1007\", \"CVE-2020-1008\", \"CVE-2020-1009\",\n \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\", \"CVE-2020-1016\",\n \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 
2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4550930)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4550930\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550930\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Kernel32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18544\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Kernel32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.10240.0 - 10.0.10240.18544\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4550929", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550929)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0987", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0940", "CVE-2020-0959", "CVE-2020-1017", "CVE-2020-0956", "CVE-2020-0949", 
"CVE-2020-0953", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0942", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1000", "CVE-2020-1006", "CVE-2020-1011", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816827", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816827\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0784\", \"CVE-2020-0821\", \"CVE-2020-0889\",\n \"CVE-2020-0895\", \"CVE-2020-0907\", \"CVE-2020-0936\", \"CVE-2020-0937\",\n \"CVE-2020-0938\", \"CVE-2020-0940\", \"CVE-2020-0942\", \"CVE-2020-0945\",\n \"CVE-2020-0946\", \"CVE-2020-0948\", \"CVE-2020-0949\", \"CVE-2020-0950\",\n \"CVE-2020-0952\", \"CVE-2020-0953\", \"CVE-2020-0955\", \"CVE-2020-0956\",\n \"CVE-2020-0958\", \"CVE-2020-0959\", \"CVE-2020-0960\", \"CVE-2020-0962\",\n \"CVE-2020-0964\", \"CVE-2020-0965\", \"CVE-2020-0966\", \"CVE-2020-0967\",\n \"CVE-2020-0968\", \"CVE-2020-0969\", \"CVE-2020-0982\", \"CVE-2020-0983\",\n \"CVE-2020-0985\", \"CVE-2020-0987\", \"CVE-2020-0988\", \"CVE-2020-0992\",\n \"CVE-2020-0993\", \"CVE-2020-0994\", \"CVE-2020-0995\", \"CVE-2020-0999\",\n \"CVE-2020-1000\", \"CVE-2020-1003\", \"CVE-2020-1004\", \"CVE-2020-1005\",\n \"CVE-2020-1006\", \"CVE-2020-1007\", \"CVE-2020-1008\", \"CVE-2020-1009\",\n \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\", \"CVE-2020-1016\",\n \"CVE-2020-1017\", \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4550929)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to 
Microsoft KB4550929\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550929\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntoskrnl.exe\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3629\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntoskrnl.exe\",\n file_version:dllVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3629\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:38", "description": "This host is missing a critical security\n update according to Microsoft KB4550927", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550927)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0794", "CVE-2020-0987", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0940", "CVE-2020-0699", "CVE-2020-0959", 
"CVE-2020-1017", "CVE-2020-0956", "CVE-2020-0949", "CVE-2020-1001", "CVE-2020-0953", "CVE-2020-0888", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0942", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1000", "CVE-2020-1006", "CVE-2020-1011", "CVE-2020-0944", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-1029", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816828", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816828\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0699\", \"CVE-2020-0784\", \"CVE-2020-0794\",\n \"CVE-2020-0821\", \"CVE-2020-0888\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0907\", \"CVE-2020-0936\", \"CVE-2020-0937\", \"CVE-2020-0938\",\n \"CVE-2020-0940\", \"CVE-2020-0942\", \"CVE-2020-0944\", \"CVE-2020-0945\",\n \"CVE-2020-0946\", \"CVE-2020-0948\", \"CVE-2020-0949\", \"CVE-2020-0950\",\n \"CVE-2020-0952\", \"CVE-2020-0953\", \"CVE-2020-0955\", \"CVE-2020-0956\",\n \"CVE-2020-0958\", \"CVE-2020-0959\", \"CVE-2020-0960\", \"CVE-2020-0962\",\n \"CVE-2020-0964\", \"CVE-2020-0965\", \"CVE-2020-0966\", \"CVE-2020-0967\",\n \"CVE-2020-0968\", \"CVE-2020-0969\", \"CVE-2020-0982\", \"CVE-2020-0983\",\n \"CVE-2020-0985\", \"CVE-2020-0987\", \"CVE-2020-0988\", \"CVE-2020-0992\",\n \"CVE-2020-0993\", \"CVE-2020-0994\", \"CVE-2020-0995\", \"CVE-2020-0999\",\n \"CVE-2020-1000\", \"CVE-2020-1001\", \"CVE-2020-1003\", \"CVE-2020-1004\",\n \"CVE-2020-1005\", \"CVE-2020-1006\", \"CVE-2020-1007\", \"CVE-2020-1008\",\n \"CVE-2020-1009\", \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\",\n \"CVE-2020-1016\", \"CVE-2020-1017\", \"CVE-2020-1020\", \"CVE-2020-1027\",\n \"CVE-2020-1029\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities 
(KB4550927)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4550927\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550927\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Kernel32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1805\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Kernel32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1805\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:38", "description": "This host is missing a critical security\n update according to Microsoft KB4550922", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4550922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0934", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0794", "CVE-2020-0987", "CVE-2020-0996", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0913", "CVE-2020-0940", 
"CVE-2020-0699", "CVE-2020-0959", "CVE-2020-0970", "CVE-2020-1017", "CVE-2020-0956", "CVE-2020-0949", "CVE-2020-1001", "CVE-2020-0953", "CVE-2020-0888", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0942", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1000", "CVE-2020-1006", "CVE-2020-1011", "CVE-2020-0944", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-1029", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816829", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816829\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0699\", \"CVE-2020-0784\", \"CVE-2020-0794\",\n \"CVE-2020-0821\", \"CVE-2020-0888\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0907\", \"CVE-2020-0913\", \"CVE-2020-0934\", \"CVE-2020-0936\",\n \"CVE-2020-0937\", \"CVE-2020-0938\", \"CVE-2020-0940\", \"CVE-2020-0942\",\n \"CVE-2020-0944\", \"CVE-2020-0945\", \"CVE-2020-0946\", \"CVE-2020-0948\",\n \"CVE-2020-0949\", \"CVE-2020-0950\", \"CVE-2020-0952\", \"CVE-2020-0953\",\n \"CVE-2020-0955\", \"CVE-2020-0956\", \"CVE-2020-0958\", \"CVE-2020-0959\",\n \"CVE-2020-0960\", \"CVE-2020-0962\", \"CVE-2020-0964\", \"CVE-2020-0965\",\n \"CVE-2020-0966\", \"CVE-2020-0967\", \"CVE-2020-0968\", \"CVE-2020-0969\",\n \"CVE-2020-0970\", \"CVE-2020-0982\", \"CVE-2020-0983\", \"CVE-2020-0985\",\n \"CVE-2020-0987\", \"CVE-2020-0988\", \"CVE-2020-0992\", \"CVE-2020-0993\",\n \"CVE-2020-0994\", \"CVE-2020-0995\", \"CVE-2020-0996\", \"CVE-2020-0999\",\n \"CVE-2020-1000\", \"CVE-2020-1001\", \"CVE-2020-1003\", \"CVE-2020-1004\",\n \"CVE-2020-1005\", \"CVE-2020-1006\", \"CVE-2020-1007\", \"CVE-2020-1008\",\n \"CVE-2020-1009\", \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\",\n \"CVE-2020-1016\", \"CVE-2020-1017\", \"CVE-2020-1020\", \"CVE-2020-1027\",\n \"CVE-2020-1029\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 
2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4550922)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4550922\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please\n see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4550922\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Kernel32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1424\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Kernel32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1424\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "description": "This host is missing a critical security\n update according to Microsoft KB4549949", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4549949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0917", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0934", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0794", "CVE-2020-0987", "CVE-2020-0996", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", "CVE-2020-1094", "CVE-2020-0913", 
"CVE-2020-0940", "CVE-2020-0699", "CVE-2020-0959", "CVE-2020-0970", "CVE-2020-0918", "CVE-2020-1017", "CVE-2020-0956", "CVE-2020-0949", "CVE-2020-1001", "CVE-2020-0953", "CVE-2020-0888", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0942", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1000", "CVE-2020-1006", "CVE-2020-1011", "CVE-2020-0944", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-1029", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-0910", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816825", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816825\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0699\", \"CVE-2020-0784\", \"CVE-2020-0794\",\n \"CVE-2020-0821\", \"CVE-2020-0888\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0907\", \"CVE-2020-0910\", \"CVE-2020-0913\", \"CVE-2020-0917\",\n \"CVE-2020-0918\", \"CVE-2020-0934\", \"CVE-2020-0936\", \"CVE-2020-0937\",\n \"CVE-2020-0938\", \"CVE-2020-0940\", \"CVE-2020-0942\", \"CVE-2020-0944\",\n \"CVE-2020-0945\", \"CVE-2020-0946\", \"CVE-2020-0948\", \"CVE-2020-0949\",\n \"CVE-2020-0950\", \"CVE-2020-0952\", \"CVE-2020-0953\", \"CVE-2020-0955\",\n \"CVE-2020-0956\", \"CVE-2020-0958\", \"CVE-2020-0959\", \"CVE-2020-0960\",\n \"CVE-2020-0962\", \"CVE-2020-0964\", \"CVE-2020-0965\", \"CVE-2020-0966\",\n \"CVE-2020-0967\", \"CVE-2020-0968\", \"CVE-2020-0969\", \"CVE-2020-0970\",\n \"CVE-2020-0982\", \"CVE-2020-0983\", \"CVE-2020-0985\", \"CVE-2020-0987\",\n \"CVE-2020-0988\", \"CVE-2020-0992\", \"CVE-2020-0993\", \"CVE-2020-0994\",\n \"CVE-2020-0995\", \"CVE-2020-0996\", \"CVE-2020-0999\", \"CVE-2020-1000\",\n \"CVE-2020-1001\", \"CVE-2020-1003\", \"CVE-2020-1004\", \"CVE-2020-1005\",\n \"CVE-2020-1006\", \"CVE-2020-1007\", \"CVE-2020-1008\", \"CVE-2020-1009\",\n \"CVE-2020-1011\", \"CVE-2020-1014\", \"CVE-2020-1015\", \"CVE-2020-1016\",\n \"CVE-2020-1017\", \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1029\",\n \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4549949)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4549949\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4549949\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Comctl32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"6.10.17763.0\", test_version2:\"6.10.17763.1157\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\\",\n file_version:dllVer, vulnerable_range:\"6.10.17763.0 - 6.10.17763.1157\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4549951", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4549951)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0950", "CVE-2020-1016", "CVE-2020-0967", "CVE-2020-0983", "CVE-2020-0917", "CVE-2020-0962", "CVE-2020-0687", "CVE-2020-0895", "CVE-2020-0934", "CVE-2020-0907", "CVE-2020-0946", "CVE-2020-0948", "CVE-2020-0958", "CVE-2020-0794", "CVE-2020-0947", "CVE-2020-0987", "CVE-2020-0996", "CVE-2020-0981", "CVE-2020-0784", "CVE-2020-0992", "CVE-2020-1008", 
"CVE-2020-1094", "CVE-2020-0913", "CVE-2020-0940", "CVE-2020-0699", "CVE-2020-0959", "CVE-2020-0970", "CVE-2020-0918", "CVE-2020-1017", "CVE-2020-0956", "CVE-2020-0949", "CVE-2020-1001", "CVE-2020-0953", "CVE-2020-0888", "CVE-2020-0938", "CVE-2020-0952", "CVE-2020-0942", "CVE-2020-0993", "CVE-2020-0945", "CVE-2020-0988", "CVE-2020-1014", "CVE-2020-0937", "CVE-2020-0985", "CVE-2020-1003", "CVE-2020-1000", "CVE-2020-1006", "CVE-2020-1011", "CVE-2020-0944", "CVE-2020-0821", "CVE-2020-1005", "CVE-2020-1029", "CVE-2020-0999", "CVE-2020-0995", "CVE-2020-0969", "CVE-2020-0960", "CVE-2020-0964", "CVE-2020-0982", "CVE-2020-1015", "CVE-2020-0955", "CVE-2020-1027", "CVE-2020-0910", "CVE-2020-1020", "CVE-2020-0889", "CVE-2020-0939", "CVE-2020-1009", "CVE-2020-0968", "CVE-2020-0966", "CVE-2020-1007", "CVE-2020-0936", "CVE-2020-1004", "CVE-2020-0994", "CVE-2020-0965"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310816830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816830", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816830\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0687\", \"CVE-2020-0699\", \"CVE-2020-0784\", \"CVE-2020-0794\",\n \"CVE-2020-0821\", \"CVE-2020-0888\", \"CVE-2020-0889\", \"CVE-2020-0895\",\n \"CVE-2020-0907\", \"CVE-2020-0910\", \"CVE-2020-0913\", \"CVE-2020-0917\",\n \"CVE-2020-0918\", \"CVE-2020-0934\", \"CVE-2020-0936\", \"CVE-2020-0937\",\n \"CVE-2020-0938\", \"CVE-2020-0939\", \"CVE-2020-0940\", \"CVE-2020-0942\",\n \"CVE-2020-0944\", \"CVE-2020-0945\", \"CVE-2020-0946\", \"CVE-2020-0947\",\n \"CVE-2020-0948\", \"CVE-2020-0949\", \"CVE-2020-0950\", \"CVE-2020-0952\",\n \"CVE-2020-0953\", \"CVE-2020-0955\", \"CVE-2020-0956\", \"CVE-2020-0958\",\n \"CVE-2020-0959\", \"CVE-2020-0960\", \"CVE-2020-0962\", \"CVE-2020-0964\",\n \"CVE-2020-0965\", \"CVE-2020-0966\", \"CVE-2020-0967\", \"CVE-2020-0968\",\n \"CVE-2020-0969\", \"CVE-2020-0970\", \"CVE-2020-0981\", \"CVE-2020-0982\",\n \"CVE-2020-0983\", \"CVE-2020-0985\", \"CVE-2020-0987\", \"CVE-2020-0988\",\n \"CVE-2020-0992\", \"CVE-2020-0993\", \"CVE-2020-0994\", \"CVE-2020-0995\",\n \"CVE-2020-0996\", \"CVE-2020-0999\", \"CVE-2020-1000\", \"CVE-2020-1001\",\n \"CVE-2020-1003\", \"CVE-2020-1004\", \"CVE-2020-1005\", \"CVE-2020-1006\",\n \"CVE-2020-1007\", \"CVE-2020-1008\", \"CVE-2020-1009\", \"CVE-2020-1011\",\n \"CVE-2020-1014\", \"CVE-2020-1015\", \"CVE-2020-1016\", \"CVE-2020-1017\",\n \"CVE-2020-1020\", \"CVE-2020-1027\", \"CVE-2020-1029\", \"CVE-2020-1094\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 
05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-15 08:39:55 +0530 (Wed, 15 Apr 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4549951)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4549951\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - An error in the way that the scripting engine handles objects in memory\n in Internet Explorer.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - An error when the Windows Jet Database Engine improperly handles objects\n in memory.\n\n - An error when the Windows update stack fails to properly handle objects in\n memory.\n\n - An error when the Windows Delivery Optimization service improperly handles\n objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit/x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit/x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4549951\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Kernel32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.777\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Kernel32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.777\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:04:28", "description": "### *Detect date*:\n04/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nInternet Explorer 9 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nInternet Explorer 11 \nWindows RT 8.1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 
10 Version 1809 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0968](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0968>) \n[CVE-2020-0987](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0987>) \n[CVE-2020-0982](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0982>) \n[CVE-2020-0889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0889>) \n[CVE-2020-0960](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0960>) \n[CVE-2020-0962](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0962>) \n[CVE-2020-1007](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1007>) \n[CVE-2020-0964](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0964>) \n[CVE-2020-0965](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0965>) \n[CVE-2020-0988](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0988>) \n[CVE-2020-0967](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0967>) \n[CVE-2020-0959](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0959>) \n[CVE-2020-1015](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1015>) \n[CVE-2020-1014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1014>) \n[CVE-2020-0946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0946>) 
\n[CVE-2020-1011](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1011>) \n[CVE-2020-1009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1009>) \n[CVE-2020-0907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0907>) \n[CVE-2020-0895](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0895>) \n[CVE-2020-1094](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1094>) \n[CVE-2020-0687](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0687>) \n[CVE-2020-0995](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0995>) \n[CVE-2020-0994](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0994>) \n[CVE-2020-0993](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0993>) \n[CVE-2020-0992](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0992>) \n[CVE-2020-0821](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0821>) \n[CVE-2020-0999](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0999>) \n[CVE-2020-1000](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1000>) \n[CVE-2020-0953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0953>) \n[CVE-2020-0952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0952>) \n[CVE-2020-1004](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1004>) \n[CVE-2020-1005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1005>) \n[CVE-2020-0957](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0957>) \n[CVE-2020-0956](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0956>) 
\n[CVE-2020-1008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1008>) \n[CVE-2020-0958](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0958>) \n[CVE-2020-1020](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1020>) \n[CVE-2020-1027](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1027>) \n[CVE-2020-0938](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0938>) \n[CVE-2020-0966](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0966>) \n[CVE-2020-0955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0955>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server/>)\n\n### *CVE-IDS*:\n[CVE-2020-0968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0968>)7.6Critical \n[CVE-2020-0987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0987>)2.1Warning \n[CVE-2020-0982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0982>)2.1Warning \n[CVE-2020-0889](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0889>)9.3Critical \n[CVE-2020-0960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0960>)9.3Critical \n[CVE-2020-0962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0962>)2.1Warning \n[CVE-2020-1007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1007>)2.1Warning \n[CVE-2020-0964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0964>)9.3Critical \n[CVE-2020-0965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0965>)4.6Warning \n[CVE-2020-0988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0988>)9.3Critical \n[CVE-2020-0967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0967>)9.3Critical \n[CVE-2020-0959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0959>)9.3Critical 
\n[CVE-2020-1015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1015>)7.2High \n[CVE-2020-1014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1014>)7.2High \n[CVE-2020-0946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0946>)4.3Warning \n[CVE-2020-1011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1011>)7.2High \n[CVE-2020-1009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1009>)7.2High \n[CVE-2020-0907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0907>)9.3Critical \n[CVE-2020-0895](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0895>)7.6Critical \n[CVE-2020-1094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1094>)7.2High \n[CVE-2020-0687](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0687>)9.3Critical \n[CVE-2020-0995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0995>)9.3Critical \n[CVE-2020-0994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0994>)9.3Critical \n[CVE-2020-0993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0993>)6.8High \n[CVE-2020-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0992>)9.3Critical \n[CVE-2020-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0821>)2.1Warning \n[CVE-2020-0999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0999>)9.3Critical \n[CVE-2020-1000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1000>)7.2High \n[CVE-2020-0953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0953>)9.3Critical \n[CVE-2020-0952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0952>)4.3Warning \n[CVE-2020-1004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1004>)7.2High \n[CVE-2020-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1005>)2.1Warning \n[CVE-2020-0957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0957>)7.2High 
\n[CVE-2020-0956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0956>)7.2High \n[CVE-2020-1008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1008>)9.3Critical \n[CVE-2020-0958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0958>)7.2High \n[CVE-2020-1020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020>)6.8High \n[CVE-2020-1027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1027>)7.2High \n[CVE-2020-0938](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0938>)6.8High \n[CVE-2020-0966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0966>)9.3Critical \n[CVE-2020-0955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0955>)2.1Warning\n\n### *KB list*:\n[4550951](<http://support.microsoft.com/kb/4550951>) \n[4550964](<http://support.microsoft.com/kb/4550964>) \n[4550957](<http://support.microsoft.com/kb/4550957>) \n[4550905](<http://support.microsoft.com/kb/4550905>) \n[4550965](<http://support.microsoft.com/kb/4550965>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "kaspersky", "title": "KLA11743 Multiple vulnerabilities in Microsoft products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0821", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0907", "CVE-2020-0938", "CVE-2020-0946", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0957", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0982", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1094"], "modified": "2020-06-18T00:00:00", "id": "KLA11743", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11743/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:04:27", "description": "### *Detect date*:\n04/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows RT 8.1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems 
\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0987](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0987>) \n[CVE-2020-0985](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0985>) \n[CVE-2020-0982](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0982>) \n[CVE-2020-0983](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0983>) \n[CVE-2020-0981](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0981>) \n[CVE-2020-0960](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0960>) \n[CVE-2020-0962](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0962>) \n[CVE-2020-0956](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0956>) \n[CVE-2020-0964](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0964>) \n[CVE-2020-0965](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0965>) \n[CVE-2020-0988](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0988>) \n[CVE-2020-0942](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0942>) \n[CVE-2020-0959](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0959>) \n[CVE-2020-1015](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1015>) \n[CVE-2020-1014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1014>) 
\n[CVE-2020-0946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0946>) \n[CVE-2020-0947](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0947>) \n[CVE-2020-1011](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1011>) \n[CVE-2020-0958](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0958>) \n[CVE-2020-0907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0907>) \n[CVE-2020-0948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0948>) \n[CVE-2020-0949](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0949>) \n[CVE-2020-0889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0889>) \n[CVE-2020-0945](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0945>) \n[CVE-2020-1007](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1007>) \n[CVE-2020-1094](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1094>) \n[CVE-2020-0784](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0784>) \n[CVE-2020-0910](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0910>) \n[CVE-2020-1003](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1003>) \n[CVE-2020-0913](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0913>) \n[CVE-2020-0687](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0687>) \n[CVE-2020-0953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0953>) \n[CVE-2020-1029](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1029>) \n[CVE-2020-0995](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0995>) 
\n[CVE-2020-0994](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0994>) \n[CVE-2020-0944](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0944>) \n[CVE-2020-0996](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0996>) \n[CVE-2020-0993](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0993>) \n[CVE-2020-0992](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0992>) \n[CVE-2020-0821](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0821>) \n[CVE-2020-0999](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0999>) \n[CVE-2020-1000](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1000>) \n[CVE-2020-0950](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0950>) \n[CVE-2020-0939](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0939>) \n[CVE-2020-0952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0952>) \n[CVE-2020-0955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0955>) \n[CVE-2020-0918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0918>) \n[CVE-2020-1006](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1006>) \n[CVE-2020-0888](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0888>) \n[CVE-2020-1008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1008>) \n[CVE-2020-1009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1009>) \n[CVE-2020-0917](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0917>) \n[CVE-2020-0937](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0937>) 
\n[CVE-2020-1027](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1027>) \n[CVE-2020-0936](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0936>) \n[CVE-2020-0934](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0934>) \n[CVE-2020-1020](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1020>) \n[CVE-2020-1017](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1017>) \n[CVE-2020-1016](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1016>) \n[CVE-2020-0794](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0794>) \n[CVE-2020-0940](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0940>) \n[CVE-2020-0938](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0938>) \n[CVE-2020-1001](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1001>) \n[CVE-2020-1004](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1004>) \n[CVE-2020-0699](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0699>) \n[CVE-2020-1005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1005>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-0987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0987>)2.1Warning \n[CVE-2020-0982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0982>)2.1Warning \n[CVE-2020-0889](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0889>)9.3Critical \n[CVE-2020-0960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0960>)9.3Critical \n[CVE-2020-0962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0962>)2.1Warning 
\n[CVE-2020-1007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1007>)2.1Warning \n[CVE-2020-0964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0964>)9.3Critical \n[CVE-2020-0965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0965>)4.6Warning \n[CVE-2020-0988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0988>)9.3Critical \n[CVE-2020-0959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0959>)9.3Critical \n[CVE-2020-1015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1015>)7.2High \n[CVE-2020-1014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1014>)7.2High \n[CVE-2020-0946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0946>)4.3Warning \n[CVE-2020-1011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1011>)7.2High \n[CVE-2020-1009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1009>)7.2High \n[CVE-2020-0907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0907>)9.3Critical \n[CVE-2020-1094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1094>)7.2High \n[CVE-2020-0687](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0687>)9.3Critical \n[CVE-2020-0995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0995>)9.3Critical \n[CVE-2020-0994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0994>)9.3Critical \n[CVE-2020-0993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0993>)6.8High \n[CVE-2020-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0992>)9.3Critical \n[CVE-2020-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0821>)2.1Warning \n[CVE-2020-0999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0999>)9.3Critical \n[CVE-2020-1000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1000>)7.2High \n[CVE-2020-0953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0953>)9.3Critical 
\n[CVE-2020-0952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0952>)4.3Warning \n[CVE-2020-1004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1004>)7.2High \n[CVE-2020-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1005>)2.1Warning \n[CVE-2020-0956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0956>)7.2High \n[CVE-2020-1008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1008>)9.3Critical \n[CVE-2020-0958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0958>)7.2High \n[CVE-2020-1020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020>)6.8High \n[CVE-2020-1027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1027>)7.2High \n[CVE-2020-0938](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0938>)6.8High \n[CVE-2020-0955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0955>)2.1Warning \n[CVE-2020-0985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0985>)7.2High \n[CVE-2020-0983](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0983>)7.2High \n[CVE-2020-0981](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0981>)4.6Warning \n[CVE-2020-0942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0942>)3.6Warning \n[CVE-2020-0947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0947>)4.3Warning \n[CVE-2020-0948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0948>)9.3Critical \n[CVE-2020-0949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0949>)9.3Critical \n[CVE-2020-0945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0945>)4.3Warning \n[CVE-2020-0784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0784>)7.2High \n[CVE-2020-0910](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0910>)7.7Critical \n[CVE-2020-1003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1003>)7.2High \n[CVE-2020-0913](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0913>)7.2High 
\n[CVE-2020-1029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1029>)7.2High \n[CVE-2020-0944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0944>)4.6Warning \n[CVE-2020-0996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0996>)7.2High \n[CVE-2020-0950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0950>)9.3Critical \n[CVE-2020-0939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0939>)4.3Warning \n[CVE-2020-0918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0918>)7.4High \n[CVE-2020-1006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1006>)7.2High \n[CVE-2020-0888](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0888>)7.2High \n[CVE-2020-0917](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0917>)7.4High \n[CVE-2020-0937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0937>)4.3Warning \n[CVE-2020-0936](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0936>)3.6Warning \n[CVE-2020-0934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0934>)4.6Warning \n[CVE-2020-1017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1017>)7.2High \n[CVE-2020-1016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1016>)2.1Warning \n[CVE-2020-0794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0794>)4.9Warning \n[CVE-2020-0940](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0940>)7.2High \n[CVE-2020-1001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1001>)7.2High \n[CVE-2020-0699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0699>)2.1Warning\n\n### *KB list*:\n[4549949](<http://support.microsoft.com/kb/4549949>) \n[4550927](<http://support.microsoft.com/kb/4550927>) \n[4550929](<http://support.microsoft.com/kb/4550929>) \n[4550917](<http://support.microsoft.com/kb/4550917>) \n[4549951](<http://support.microsoft.com/kb/4549951>) \n[4550971](<http://support.microsoft.com/kb/4550971>) 
\n[4550961](<http://support.microsoft.com/kb/4550961>) \n[4550922](<http://support.microsoft.com/kb/4550922>) \n[4550930](<http://support.microsoft.com/kb/4550930>) \n[4550970](<http://support.microsoft.com/kb/4550970>) \n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "kaspersky", "title": "KLA11744 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0687", "CVE-2020-0699", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0821", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0907", "CVE-2020-0910", "CVE-2020-0913", "CVE-2020-0917", "CVE-2020-0918", "CVE-2020-0934", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0939", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0947", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0958", 
"CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0981", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0996", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1020", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1094"], "modified": "2020-09-10T00:00:00", "id": "KLA11744", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11744/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2020-08-07T08:03:36", "description": "## Easiest task ever?\n\nMaking the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right? \n\n\n\nNot really. In fact it is quite boring and annoying. It may be fun to write about vulnerabilities that were already used in some real attacks. But this is a very small part of all vulnerabilities. What about more than a hundred others? They are like \u201csome vulnerability in some component may be used in some attack (or may be not)\u201d. If you describe each of them, no one will read or listen this. \n\nYou must choose what to highlight. 
And when I read the reports from [Tenable](<https://www.tenable.com/blog/microsoft-april-2020-patch-tuesday-addresses-113-cves-including-adobe-type-manager-library>), [Qualys](<https://blog.qualys.com/laws-of-vulnerabilities/2020/04/14/april-2020-patch-tuesday-113-vulns-19-critical-0-day-patches-sharepoint-adobe-coldfusion>) and [ZDI](<https://www.thezdi.com/blog/2020/4/14/the-april-2020-security-update-review>), I see that they choose very different groups of vulnerabilities, pretty much randomly.\n\n## My classification script\n\nThat's why I created a script that takes Patch Tuesday CVE data from microsoft.com and visualizes it, giving me a helicopter view of what can be interesting there. It offers nice grouping by vulnerability type and product, custom icons for vulnerability types, coloring based on severity, etc.\n\n## Exploited in the wild\n\nApril 2020 Microsoft Patch Tuesday was published on 14.04.2020 and addressed 113 CVEs. That is 2 CVEs fewer than in March, but still too many to discuss them separately. 18 CVEs are critical (other reports say 19, but you can count them yourself) and 3 were exploited in the wild. These 3 are the most interesting; I got them via the "exploited" parameter in Microsoft CVE data.\n\n### Exploitation detected (3)\n\n#### Remote Code Execution\n\n * Adobe Font Manager Library ([CVE-2020-0938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938>), [CVE-2020-1020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020>))\n\n#### Elevation of Privilege\n\n * Windows Kernel ([CVE-2020-1027](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027>))\n\nMicrosoft has finally released a patch for the Adobe Type Manager vulnerability (CVE-2020-1020). The advisory [ADV200006](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006>) appeared on the Microsoft website on 23.03.2020, 3 weeks before this patch. 
The advisory stated that this vulnerability was used in targeted attacks in the wild. That's why it was discussed a lot. The idea is simple. If you open a special file or preview it in Explorer, remote code execution will occur. It is noted that previewing it in Microsoft Outlook is safe. This vulnerability is great for phishing attacks; in addition, it is also possible to exploit it through Web Distributed Authoring and Versioning (WebDAV). WebDAV is an extension of HTTP that allows clients to perform remote Web content authoring operations. It is used, for example, in Microsoft SharePoint or ownCloud. And Microsoft claims that exploitation through WebDAV is the most likely attack vector.\n\nI called this vulnerability "confusing" in the title because:\n\n> To be clear and despite its name, this is *not* Adobe code. Microsoft was given the source code for ATM Light for inclusion in Windows 2000/XP. After that, Microsoft took 100% responsibility for maintaining the code.\n> \n> -- Rosyna Keller (@rosyna) [March 23, 2020](<https://twitter.com/rosyna/status/1242156545346916352?ref_src=twsrc%5Etfw>)\n\n 1. It has "Adobe" in the name, but is not really related to Adobe. Adobe gave Microsoft the source code of ATM Light for inclusion in Windows 2000/XP. Microsoft maintained this source code after that.\n 2. Microsoft initially stated that the RCE exists in 40 versions of Windows, from Windows 7 to Windows 10 and from Windows Server 2008 to Windows Server 2019. And this is huge. But then they added that exploitation was detected only for Windows 7. And they "do not recommend that IT administrators running Windows 10 implement the workarounds described" in the advisory. For Windows Server 2016 and Windows Server 2019 the vulnerability is only "Important", not "Critical". And the most vulnerable systems won't get the updates by default: "to receive the security update for this vulnerability for Windows 7, Windows Server 2008, or Windows Server 2008 R2 you must have an ESU license". 
Yet another good reason to upgrade to a newer version.\n 3. The CVE number for this vulnerability was only assigned 3 weeks after it became publicly known. Before that, everyone called it by its advisory ID, ADV200006. So, CVE is not the ultimate identifier for vulnerabilities. And if you track only CVEs, some vulnerabilities will be out of scope. \n\nAnother vulnerability in the Adobe Font Manager Library (CVE-2020-0938) is very similar to the previous CVE-2020-1020, although it impacts a different font renderer.\n\nThe last exploited vulnerability is the Elevation of Privilege (EoP) in the Windows kernel (CVE-2020-1027). To exploit the vulnerability, a locally authenticated attacker has to run a specially crafted application. Also, all versions of Windows from Windows 7 to Windows 10 and from Windows Server 2008 to Windows Server 2019 are vulnerable.\n\n> We discovered CVE-2020-1027 being exploited in the wild and reported it on 23 March under a 7-day deadline (used only for actively exploited bugs). Microsoft asked for an extension due to current global circumstances and we agreed. Patch details at <https://t.co/VF3SqXHYV9> (1/2)\n> \n> -- Tim Willis (@itswillis) [April 14, 2020](<https://twitter.com/itswillis/status/1250116355602419713?ref_src=twsrc%5Etfw>)\n\n## More likely to be exploited\n\nWhat else can be interesting? I filtered the CVEs with the "Exploitation more likely" flag for current and older versions. \n\nAs you can see, the most interesting vulnerability is Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968), which in fact affects Internet Explorer. An attacker can make a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, or embed an ActiveX control in an application or Microsoft Office document. 
As a result, an attacker can execute arbitrary code in the context of the current user.\n\n### Exploitation more likely (7)\n\n#### Remote Code Execution\n\n * Internet Explorer ([CVE-2020-0968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968>))\n\n#### Elevation of Privilege\n\n * DirectX ([CVE-2020-0784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0784>), [CVE-2020-0888](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0888>))\n * Windows Graphics Component ([CVE-2020-1004](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1004>))\n * Windows Kernel ([CVE-2020-0956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0956>), [CVE-2020-0957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0957>), [CVE-2020-0958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0958>))\n\nOther more likely to be exploitable vulnerabilities are Elevation of Privilege in DirectX, Windows Graphics Component and Windows Kernel. Not much information is available for them. "An attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system".\n\n## Groups by product\n\nWhat about other 103 vulnerabilities that are less likely to be exploited according to Microsoft. 
I made groups for products with more then 5 vulnerabilities.\n\n### Other Product based (52)\n\n#### Jet Database Engine\n\n * Remote Code Execution ([CVE-2020-0889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0889>), [CVE-2020-0953](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0953>), [CVE-2020-0959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0959>), [CVE-2020-0960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0960>), [CVE-2020-0988](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0988>), [CVE-2020-0992](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0992>), [CVE-2020-0994](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0994>), [CVE-2020-0995](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0995>), [CVE-2020-0999](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0999>), [CVE-2020-1008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1008>))\n\n#### Media Foundation\n\n * Memory Corruption ([CVE-2020-0948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0948>), [CVE-2020-0949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0949>), [CVE-2020-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0950>))\n * Information Disclosure ([CVE-2020-0937](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0937>), [CVE-2020-0939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0939>), [CVE-2020-0945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0945>), [CVE-2020-0946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0946>), 
[CVE-2020-0947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0947>))\n\n#### Microsoft SharePoint\n\n * Remote Code Execution ([CVE-2020-0920](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920>), [CVE-2020-0971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971>), [CVE-2020-0929](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929>), [CVE-2020-0931](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931>), [CVE-2020-0932](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932>), [CVE-2020-0974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974>))\n * Cross Site Scripting ([CVE-2020-0923](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923>), [CVE-2020-0924](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924>), [CVE-2020-0925](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925>), [CVE-2020-0926](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0926>), [CVE-2020-0927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0927>), [CVE-2020-0930](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0930>), [CVE-2020-0933](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933>), [CVE-2020-0954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0954>), [CVE-2020-0973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0973>), [CVE-2020-0978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978>))\n * Spoofing ([CVE-2020-0972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972>), 
[CVE-2020-0975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975>), [CVE-2020-0976](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976>), [CVE-2020-0977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977>))\n\n#### Windows\n\n * Denial of Service ([CVE-2020-0794](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0794>))\n * Elevation of Privilege ([CVE-2020-0934](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0934>), [CVE-2020-0983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0983>), [CVE-2020-1009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1009>), [CVE-2020-1011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1011>), [CVE-2020-1015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1015>))\n\n#### Windows Kernel\n\n * Elevation of Privilege ([CVE-2020-0913](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0913>), [CVE-2020-1000](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1000>), [CVE-2020-1003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1003>))\n * Information Disclosure ([CVE-2020-0699](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0699>), [CVE-2020-0821](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0821>), [CVE-2020-0955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0955>), [CVE-2020-0962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0962>), [CVE-2020-1007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1007>))\n\nSo, the most interesting groups are Jet Database Engine and Microsoft SharePoint, both have RCEs. 
\n\n## Groups by vulnerability type\n\nAll other vulnerabilities in different products I combined by vulnerability type. Interesting EoP in OneDrive for Windows, but "most customers have been protected from this vulnerability because OneDrive has its own updater that periodically checks and updates the OneDrive binary".\n\n### Other Vulnerability Type based (51)\n\n#### Remote Code Execution\n\n * Chakra Scripting Engine ([CVE-2020-0969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969>), [CVE-2020-0970](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970>))\n * Dynamics Business Central ([CVE-2020-1022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022>))\n * GDI+ ([CVE-2020-0964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0964>))\n * Microsoft Excel ([CVE-2020-0906](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0906>), [CVE-2020-0979](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0979>))\n * Microsoft Graphics ([CVE-2020-0687](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0687>))\n * Microsoft Graphics Components ([CVE-2020-0907](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0907>))\n * Microsoft Office ([CVE-2020-0760](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760>), [CVE-2020-0991](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0991>))\n * Microsoft Office Access Connectivity Engine ([CVE-2020-0961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0961>))\n * Microsoft Windows Codecs Library ([CVE-2020-0965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0965>))\n * Microsoft Word ([CVE-2020-0980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980>))\n * 
VBScript ([CVE-2020-0895](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0895>), [CVE-2020-0966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0966>), [CVE-2020-0967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0967>))\n * Windows Hyper-V ([CVE-2020-0910](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0910>))\n\n#### Authentication Bypass\n\n * Microsoft YourPhone Application for Android ([CVE-2020-0943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943>))\n\n#### Denial of Service\n\n * Windows DNS ([CVE-2020-0993](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0993>))\n\n#### Elevation of Privilege\n\n * Connected User Experiences and Telemetry Service ([CVE-2020-0942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0942>), [CVE-2020-0944](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0944>), [CVE-2020-1029](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1029>))\n * Microsoft (MAU) Office ([CVE-2020-0984](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984>))\n * Microsoft Defender ([CVE-2020-0835](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0835>), [CVE-2020-1002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002>))\n * Microsoft RMS Sharing App for Mac ([CVE-2020-1019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1019>))\n * Microsoft Remote Desktop App for Mac ([CVE-2020-0919](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919>))\n * Microsoft Visual Studio ([CVE-2020-0899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899>))\n * Microsoft Windows Update Client 
([CVE-2020-1014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1014>))\n * OneDrive for Windows ([CVE-2020-0935](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0935>))\n * Visual Studio Extension Installer Service ([CVE-2020-0900](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900>))\n * Windows Hyper-V ([CVE-2020-0917](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0917>), [CVE-2020-0918](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0918>))\n * Windows Push Notification Service ([CVE-2020-0940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0940>), [CVE-2020-1001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1001>), [CVE-2020-1006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1006>), [CVE-2020-1017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1017>))\n * Windows Scheduled Task ([CVE-2020-0936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0936>))\n * Windows Update Stack ([CVE-2020-0985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0985>), [CVE-2020-0996](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0996>))\n * Windows Work Folder Service ([CVE-2020-1094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1094>))\n\n#### Security Feature Bypass\n\n * MSR JavaScript Cryptography Library ([CVE-2020-1026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1026>))\n * Windows Token ([CVE-2020-0981](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0981>))\n\n#### Information Disclosure\n\n * Microsoft Dynamics Business Central/NAV 
([CVE-2020-1018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018>))\n * Microsoft Graphics Component ([CVE-2020-0982](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0982>), [CVE-2020-0987](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0987>), [CVE-2020-1005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1005>))\n * Windows GDI ([CVE-2020-0952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0952>))\n * Windows Push Notification Service ([CVE-2020-1016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1016>))\n\n#### Cross Site Scripting\n\n * Microsoft Dynamics 365 (On-Premise) ([CVE-2020-1049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1049>), [CVE-2020-1050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1050>))\n\nZero Day Initiative recommends paying attention to the Denial-of-Service in the Windows DNS service (CVE-2020-0993). "Considering the damage that could be done by an unauthenticated attacker". At the same time the Microsoft website says: "To exploit the vulnerability, an **authenticated** attacker could send malicious DNS queries to a target, resulting in a denial of service". It looks like a mistake by either ZDI or MS, but it is worth mentioning.\n\n## Updates for older vulners\n\nSo, that's it for April Patch Tuesday. What about the interesting vulnerabilities from February and March?\n\n 1. CVE-2020-0796 - Windows SMBv3 Client/Server Remote Code Execution Vulnerability. A new exploit is now available for this vulnerability; it's even in Metasploit. But it's not the one you have probably waited for. It does not attack remote hosts, it's [a local exploit for "(hopefully privileged) payload execution"](<https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/LOCAL/CVE_2020_0796_SMBGHOST>). 
\n**upd.** While I was working on this post I missed the news about CVE-2020-0796 RCE POC by Ricerca Security. The code is not available, here is [technical description](<https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html>) and [video](<https://vimeo.com/409855578>).\n 2. CVE-2020-0688 - Microsoft Exchange server "single e-mail" seizure. Exploit exists. Rapid7 made a [nice report](<https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/>) "What we found was that **at least** 357,629 (82.5%) of the 433,464 Exchange servers we observed were known to be vulnerable."\n 3. CVE-2020-0684 - .LNK files processing. Nothing new.\n 4. CVE-2020-0662 - Mysterious Windows RCE. Nothing new.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-26T01:24:38", "type": "avleonov", "title": "Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0662", "CVE-2020-0684", "CVE-2020-0687", 
"CVE-2020-0688", "CVE-2020-0699", "CVE-2020-0760", "CVE-2020-0784", "CVE-2020-0794", "CVE-2020-0796", "CVE-2020-0821", "CVE-2020-0835", "CVE-2020-0888", "CVE-2020-0889", "CVE-2020-0895", "CVE-2020-0899", "CVE-2020-0900", "CVE-2020-0906", "CVE-2020-0907", "CVE-2020-0910", "CVE-2020-0913", "CVE-2020-0917", "CVE-2020-0918", "CVE-2020-0919", "CVE-2020-0920", "CVE-2020-0923", "CVE-2020-0924", "CVE-2020-0925", "CVE-2020-0926", "CVE-2020-0927", "CVE-2020-0929", "CVE-2020-0930", "CVE-2020-0931", "CVE-2020-0932", "CVE-2020-0933", "CVE-2020-0934", "CVE-2020-0935", "CVE-2020-0936", "CVE-2020-0937", "CVE-2020-0938", "CVE-2020-0939", "CVE-2020-0940", "CVE-2020-0942", "CVE-2020-0943", "CVE-2020-0944", "CVE-2020-0945", "CVE-2020-0946", "CVE-2020-0947", "CVE-2020-0948", "CVE-2020-0949", "CVE-2020-0950", "CVE-2020-0952", "CVE-2020-0953", "CVE-2020-0954", "CVE-2020-0955", "CVE-2020-0956", "CVE-2020-0957", "CVE-2020-0958", "CVE-2020-0959", "CVE-2020-0960", "CVE-2020-0961", "CVE-2020-0962", "CVE-2020-0964", "CVE-2020-0965", "CVE-2020-0966", "CVE-2020-0967", "CVE-2020-0968", "CVE-2020-0969", "CVE-2020-0970", "CVE-2020-0971", "CVE-2020-0972", "CVE-2020-0973", "CVE-2020-0974", "CVE-2020-0975", "CVE-2020-0976", "CVE-2020-0977", "CVE-2020-0978", "CVE-2020-0979", "CVE-2020-0980", "CVE-2020-0981", "CVE-2020-0982", "CVE-2020-0983", "CVE-2020-0984", "CVE-2020-0985", "CVE-2020-0987", "CVE-2020-0988", "CVE-2020-0991", "CVE-2020-0992", "CVE-2020-0993", "CVE-2020-0994", "CVE-2020-0995", "CVE-2020-0996", "CVE-2020-0999", "CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1002", "CVE-2020-1003", "CVE-2020-1004", "CVE-2020-1005", "CVE-2020-1006", "CVE-2020-1007", "CVE-2020-1008", "CVE-2020-1009", "CVE-2020-1011", "CVE-2020-1014", "CVE-2020-1015", "CVE-2020-1016", "CVE-2020-1017", "CVE-2020-1018", "CVE-2020-1019", "CVE-2020-1020", "CVE-2020-1022", "CVE-2020-1026", "CVE-2020-1027", "CVE-2020-1029", "CVE-2020-1049", "CVE-2020-1050", "CVE-2020-1094"], "modified": "2020-04-26T01:24:38", "id": 
"AVLEONOV:6A714F9BC2BBE696D3586B2629169491", "href": "http://feedproxy.google.com/~r/avleonov/~3/0BOlzDUoVDc/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}