An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.
{"id": "MS:CVE-2020-1378", "bulletinFamily": "microsoft", "title": "Windows Registry Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.\n\nA locally authenticated attacker could exploit this vulnerability by running a specially crafted application.\n\nThe security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n", "published": "2020-08-11T07:00:00", "modified": "2020-08-11T07:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1378", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-1378"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:09", "edition": 1, "viewCount": 3, "enchantments": {"backreferences": {"references": [{"idList": 
["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["KLA11929", "KLA11931"], "type": "kaspersky"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"], "type": "avleonov"}, {"idList": ["CVE-2020-1378"], "type": "cve"}, {"idList": ["KB4558998", "KB4565536", "KB4565541"], "type": "mskb"}, {"idList": ["OPENVAS:1361412562311220201378"], "type": "openvas"}, {"idList": ["SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571692.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS20_AUG_4571709.NASL", "SMB_NT_MS20_AUG_4566782.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571730.NASL", "SMB_NT_MS20_AUG_4571741.NASL", "SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4565351.NASL"], "type": "nessus"}]}, "dependencies": {"references": [{"idList": ["KLA11929", "KLA11931"], "type": "kaspersky"}, {"idList": ["CVE-2020-1378", "CVE-2020-1377"], "type": "cve"}, {"idList": ["AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"], "type": "avleonov"}, {"idList": ["SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571692.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS20_AUG_4571709.NASL", "SMB_NT_MS20_AUG_4566782.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571730.NASL", "SMB_NT_MS20_AUG_4571741.NASL", "SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4565351.NASL"], "type": "nessus"}]}, "exploitation": null, "score": {"value": 3.8, "vector": "NONE"}, "vulnersScore": 3.8}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "917b671103d6247cf2c65509eea099f2"}, "kbList": ["KB4571746", "KB4571692", "KB4571729", "KB4565349", "KB4565524", "KB4571730", "KB4558998", "KB4571741", "KB4571702", "KB4566782", "KB4565536", "KB4565511", "KB4565489", "KB4571709", "KB4571694", "KB4565541", "KB4571703", "KB4571723", "KB4565351", "KB4571736", "KB4565513", "KB4565508", "KB4565483", 
"KB4571719", "KB4565503", "KB4565537"], "msrc": "", "mscve": "CVE-2020-1378", "msAffectedSoftware": [{"kb": "KB4571703", "kbSupersedence": "KB4565541", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571723", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571694", "kbSupersedence": "KB4565511", "msplatform": "", "name": "windows 10 version 1607 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571736", "kbSupersedence": "KB4565537", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4566782", "kbSupersedence": "KB4565503", "msplatform": "", "name": "windows 10 version 2004 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571746", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4566782", "kbSupersedence": "KB4565503", "msplatform": "", "name": "windows 10 version 2004 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571709", "kbSupersedence": "KB4565489", "msplatform": "", "name": "windows 10 version 1803 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571723", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows 10 version 1903 for arm64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571746", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": 
"KB4565483", "msplatform": "", "name": "windows 10 version 1909 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571729", "kbSupersedence": "KB4565524", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565349", "kbSupersedence": "KB4558998", "msplatform": "", "name": "windows 10 version 1809 for arm64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571702", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571746", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571694", "kbSupersedence": "KB4565511", "msplatform": "", "name": "windows 10 version 1607 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571729", "kbSupersedence": "KB4565524", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571730", "kbSupersedence": "KB4565536", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows server, version 1909 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows 10 version 1909 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565349", "kbSupersedence": "KB4558998", "msplatform": "", "name": "windows 10 version 1809 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571709", "kbSupersedence": "KB4565489", "msplatform": "", "name": "windows 10 version 1803 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571702", 
"kbSupersedence": "", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571703", "kbSupersedence": "KB4565541", "msplatform": "", "name": "windows rt 8.1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571729", "kbSupersedence": "KB4565524", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571746", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571741", "kbSupersedence": "KB4565508", "msplatform": "", "name": "windows 10 version 1709 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571723", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571692", "kbSupersedence": "KB4565513", "msplatform": "", "name": "windows 10 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4566782", "kbSupersedence": "KB4565503", "msplatform": "", "name": "windows 10 version 2004 for arm64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571730", "kbSupersedence": "KB4565536", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571703", "kbSupersedence": "KB4565541", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows 10 version 1903 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565349", "kbSupersedence": "KB4558998", "msplatform": "", "name": "windows server 2019 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571723", "kbSupersedence": "", 
"msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows server, version 1903 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571719", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571719", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571709", "kbSupersedence": "KB4565489", "msplatform": "", "name": "windows 10 version 1803 for arm64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571741", "kbSupersedence": "KB4565508", "msplatform": "", "name": "windows 10 version 1709 for arm64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571730", "kbSupersedence": "KB4565536", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571694", "kbSupersedence": "KB4565511", "msplatform": "", "name": "windows server 2016", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571730", "kbSupersedence": "KB4565536", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows 10 version 1903 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571719", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565351", "kbSupersedence": "KB4565483", "msplatform": "", "name": "windows 10 version 1909 for arm64-based systems", "operator": "lt", 
"version": "2020-Aug"}, {"kb": "KB4565349", "kbSupersedence": "KB4558998", "msplatform": "", "name": "windows 10 version 1809 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4566782", "kbSupersedence": "KB4565503", "msplatform": "", "name": "windows server, version 2004 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571719", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571729", "kbSupersedence": "KB4565524", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571741", "kbSupersedence": "KB4565508", "msplatform": "", "name": "windows 10 version 1709 for 32-bit systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571736", "kbSupersedence": "KB4565537", "msplatform": "", "name": "windows server 2012", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4565349", "kbSupersedence": "KB4558998", "msplatform": "", "name": "windows server 2019", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571703", "kbSupersedence": "KB4565541", "msplatform": "", "name": "windows server 2012 r2", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571694", "kbSupersedence": "KB4565511", "msplatform": "", "name": "windows server 2016 (server core installation)", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571703", "kbSupersedence": "KB4565541", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "lt", "version": "2020-Aug"}, {"kb": "KB4571692", "kbSupersedence": "KB4565513", "msplatform": "", "name": "windows 10 for x64-based systems", "operator": "lt", "version": "2020-Aug"}], "vendorCvss": {"baseScore": "7.8", "temporalScore": "7.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}
{"cnvd": [{"lastseen": "2022-11-05T09:34:29", "description": "Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server. The vulnerability stems from the fact that the Windows Kernel API does not properly handle registry objects in memory, and an attacker could exploit the vulnerability to gain elevated privileges by running a specially crafted application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73130)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1378"], "modified": "2021-09-24T00:00:00", "id": "CNVD-2021-73130", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-73130", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-05-03T15:27:34", "description": "An elevation of privilege vulnerability 
exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-17T19:15:00", "type": "cve", "title": "CVE-2020-1377", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1377", "CVE-2020-1378"], "modified": "2022-05-03T13:02:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1909"], "id": "CVE-2020-1377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1377", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}, {"lastseen": "2022-05-03T15:27:33", "description": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1377.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-17T19:15:00", "type": "cve", "title": "CVE-2020-1378", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1377", "CVE-2020-1378"], "modified": "2022-05-03T13:00:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1909"], "id": "CVE-2020-1378", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1378", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T15:18:46", "description": "The remote Windows host is missing security update 4571746 or cumulative update 4571730. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. 
(CVE-2020-1339)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1570)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. 
The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. 
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. 
An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571746: Windows Server 2008 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1489", "CVE-2020-1515", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1587"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571730.NASL", "href": "https://www.tenable.com/plugins/nessus/139492", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139492);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1489\",\n \"CVE-2020-1515\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571746\");\n script_xref(name:\"MSKB\", value:\"4571730\");\n script_xref(name:\"MSFT\", value:\"MS20-4571746\");\n script_xref(name:\"MSFT\", value:\"MS20-4571730\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571746: Windows Server 2008 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571746\nor cumulative update 4571730. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1570)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. 
An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571746/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75ab5b7a\");\n # https://support.microsoft.com/en-us/help/4571730/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87c93762\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571746 or Cumulative Update KB4571730.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1339\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", 
value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571730',\n '4571746'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n 
rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571730, 4571746])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:43", "description": "The remote Windows host is missing security update 4571702 or cumulative update 4571736. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571702: Windows Server 2012 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": 
"2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571736.NASL", "href": "https://www.tenable.com/plugins/nessus/139493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139493);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", 
value:\"4571702\");\n script_xref(name:\"MSKB\", value:\"4571736\");\n script_xref(name:\"MSFT\", value:\"MS20-4571702\");\n script_xref(name:\"MSFT\", value:\"MS20-4571736\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571702: Windows Server 2012 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571702\nor cumulative update 4571736. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571736/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0551e21\");\n # https://support.microsoft.com/en-us/help/4571702/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ece3db7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571702 or Cumulative Update KB4571736.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571736',\n '4571702'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571736, 4571702])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:19:21", "description": "The remote Windows host is missing security update 4571719 or cumulative update 4571729. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. 
(CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1489", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", 
"CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571729.NASL", "href": "https://www.tenable.com/plugins/nessus/139491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139491);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1489\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571719\");\n script_xref(name:\"MSKB\", value:\"4571729\");\n script_xref(name:\"MSFT\", value:\"MS20-4571719\");\n script_xref(name:\"MSFT\", value:\"MS20-4571729\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571719\nor cumulative update 4571729. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571729/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571719/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571719 or Cumulative Update KB4571729.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571729',\n '4571719'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571729, 4571719])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:01", "description": "The remote Windows host is missing security update 4571723 or cumulative update 4571703. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. 
An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). 
An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. 
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. 
(CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", 
"CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1538", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571703.NASL", "href": "https://www.tenable.com/plugins/nessus/139489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139489);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n 
\"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSKB\", value:\"4571723\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571723\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571723\nor cumulative update 4571703. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. 
The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. 
An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. 
The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. 
(CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571723/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571723 or Cumulative Update KB4571703.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571703',\n '4571723'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = 
hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (!\n (smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571703, 4571723])\n )\n)\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\nelse\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:24", "description": "The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. 
(CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request.
A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory.
The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", 
"CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571694.NASL", "href": "https://www.tenable.com/plugins/nessus/139488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139488);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n 
\"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4571694\");\n script_xref(name:\"MSFT\", value:\"MS20-4571694\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects 
in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. 
An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). 
An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. 
The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571694/windows-10-update-kb4571694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1446acfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571694.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571694'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571694])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:44", "description": "The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. 
A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. 
The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. 
An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571692: Windows 10 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", 
"CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571692.NASL", "href": "https://www.tenable.com/plugins/nessus/139487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139487);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n 
\"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571692\");\n script_xref(name:\"MSFT\", value:\"MS20-4571692\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571692: Windows 10 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. 
The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. 
A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. 
(CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571692/windows-10-update-kb4571692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?481aa152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571692.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571692'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-12T15:08:03", "description": "The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. 
An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. 
(CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. 
(CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571741: Windows 10 Version 1709 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", 
"CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571741.NASL", "href": "https://www.tenable.com/plugins/nessus/139494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139494);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", 
value:\"4571741\");\n script_xref(name:\"MSFT\", value:\"MS20-4571741\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571741: Windows 10 Version 1709 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. 
An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n \"Public Account Pictures\" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. 
(CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571741/windows-10-update-kb4571741\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9371bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571741'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571741])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n 
hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:41", "description": "The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). 
An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. 
An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", 
"CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565349.NASL", "href": "https://www.tenable.com/plugins/nessus/139484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139484);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n 
\"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4565349\");\n script_xref(name:\"MSFT\", value:\"MS20-4565349\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n\n script_name(english:\"KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows 
host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. 
(CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565349/windows-10-update-kb4565349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b03d5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565349.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565349');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565349])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-12T15:08:47", "description": "The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. 
(CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. 
An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. 
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. 
(CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4571709: Windows 10 Version 1803 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1046", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1464", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", 
"CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571709.NASL", "href": "https://www.tenable.com/plugins/nessus/139490", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139490);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n 
\"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571709\");\n script_xref(name:\"MSFT\", value:\"MS20-4571709\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4571709: Windows 10 Version 1803 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. 
(CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. 
(CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. 
A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. 
The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. 
(CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. 
The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571709/windows-10-update-kb4571709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3c857b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571709.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571709'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571709])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-12T15:08:27", "description": "The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka \"straight-line speculation.\" (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
(CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. 
(CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4566782: Windows 10 Version 2004 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", 
"CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4566782.NASL", "href": "https://www.tenable.com/plugins/nessus/139486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139486);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n 
\"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4566782\");\n script_xref(name:\"MSFT\", value:\"MS20-4566782\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4566782: Windows 10 Version 2004 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka "\n ;straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. 
An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. 
The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. 
(CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. 
The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. 
The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fd4a47c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4566782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege 
Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4566782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"08_2020\",\n 
bulletin:bulletin,\n rollup_kb_list:[4566782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-12T15:08:26", "description": "The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. 
(CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka \"straight-line speculation.\" (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. 
The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. 
An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. 
The update addresses the vulnerability by correcting how Windows validates file signatures.\n (CVE-2020-1464)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "nessus", "title": "KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", 
"CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565351.NASL", "href": "https://www.tenable.com/plugins/nessus/139485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139485);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n 
\"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4565351\");\n script_xref(name:\"MSFT\", value:\"MS20-4565351\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n\n script_name(english:\"KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka\n 'straight-line speculation.' (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. 
An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. 
The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. 
(CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the user's system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n 'Public Account Pictures' folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. 
The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. 
The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565351/windows-10-update-kb4565351\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a2c32c0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565351.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege 
Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565351');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"08_2020\",\n 
bulletin:bulletin,\n rollup_kb_list:[4565351])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565351])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-05-16T17:32:51", "description": "### *Detect date*:\n08/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nInternet Explorer 9 \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 
(Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 2004 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1909 (Server Core installation) \nInternet Explorer 11 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2019 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2012 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1903 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1379](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1379>) \n[CVE-2020-1537](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1537>) \n[CVE-2020-1383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1383>) \n[CVE-2020-1475](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1475>) \n[CVE-2020-1545](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1545>) 
\n[CVE-2020-1579](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1579>) \n[CVE-2020-1470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1470>) \n[CVE-2020-1570](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1570>) \n[CVE-2020-1536](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1536>) \n[CVE-2020-1577](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1577>) \n[CVE-2020-1552](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1552>) \n[CVE-2020-1535](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1535>) \n[CVE-2020-1473](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1473>) \n[CVE-2020-1551](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1551>) \n[CVE-2020-1530](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1530>) \n[CVE-2020-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1474>) \n[CVE-2020-1518](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1518>) \n[CVE-2020-1519](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1519>) \n[CVE-2020-1516](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1516>) \n[CVE-2020-1478](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1478>) \n[CVE-2020-1558](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1558>) \n[CVE-2020-1515](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1515>) \n[CVE-2020-1538](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1538>) \n[CVE-2020-1539](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1539>) 
\n[CVE-2020-1557](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1557>) \n[CVE-2020-1554](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1554>) \n[CVE-2020-1472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1472>) \n[CVE-2020-1517](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1517>) \n[CVE-2020-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1484>) \n[CVE-2020-1485](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1485>) \n[CVE-2020-1486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1486>) \n[CVE-2020-1544](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1544>) \n[CVE-2020-1529](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1529>) \n[CVE-2020-1584](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1584>) \n[CVE-2020-1587](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1587>) \n[CVE-2020-1377](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1377>) \n[CVE-2020-1477](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1477>) \n[CVE-2020-1339](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1339>) \n[CVE-2020-1567](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1567>) \n[CVE-2020-1337](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1337>) \n[CVE-2020-1378](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1378>) \n[CVE-2020-1564](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1564>) \n[CVE-2020-1562](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1562>) 
\n[CVE-2020-1513](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1513>) \n[CVE-2020-1541](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1541>) \n[CVE-2020-1540](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1540>) \n[CVE-2020-1543](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1543>) \n[CVE-2020-1542](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1542>) \n[CVE-2020-1534](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1534>) \n[CVE-2020-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1467>) \n[CVE-2020-1464](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1464>) \n[CVE-2020-1546](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1546>) \n[CVE-2020-1547](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1547>) \n[CVE-2020-1520](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1520>) \n[CVE-2020-1489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1489>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1379>)6.8High \n[CVE-2020-1537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1537>)4.6Warning \n[CVE-2020-1383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1383>)2.1Warning \n[CVE-2020-1475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1475>)4.6Warning \n[CVE-2020-1545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1545>)4.6Warning \n[CVE-2020-1579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1579>)7.2High 
\n[CVE-2020-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1470>)4.6Warning \n[CVE-2020-1570](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1570>)7.6Critical \n[CVE-2020-1536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1536>)4.6Warning \n[CVE-2020-1577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1577>)4.3Warning \n[CVE-2020-1552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1552>)6.8High \n[CVE-2020-1535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1535>)4.6Warning \n[CVE-2020-1473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1473>)6.8High \n[CVE-2020-1551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1551>)4.6Warning \n[CVE-2020-1530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1530>)4.6Warning \n[CVE-2020-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1474>)2.1Warning \n[CVE-2020-1518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1518>)4.6Warning \n[CVE-2020-1519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1519>)4.6Warning \n[CVE-2020-1516](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1516>)4.6Warning \n[CVE-2020-1478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1478>)6.8High \n[CVE-2020-1558](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1558>)9.3Critical \n[CVE-2020-1515](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1515>)4.6Warning \n[CVE-2020-1538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1538>)4.6Warning \n[CVE-2020-1539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1539>)4.6Warning \n[CVE-2020-1557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1557>)9.3Critical \n[CVE-2020-1554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1554>)6.8High \n[CVE-2020-1472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472>)9.3Critical 
\n[CVE-2020-1517](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1517>)4.6Warning \n[CVE-2020-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1484>)4.6Warning \n[CVE-2020-1485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1485>)2.1Warning \n[CVE-2020-1486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1486>)7.2High \n[CVE-2020-1544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1544>)4.6Warning \n[CVE-2020-1529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1529>)7.2High \n[CVE-2020-1584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1584>)7.2High \n[CVE-2020-1587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1587>)7.2High \n[CVE-2020-1377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1377>)7.2High \n[CVE-2020-1477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1477>)6.8High \n[CVE-2020-1339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1339>)9.3Critical \n[CVE-2020-1567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1567>)7.6Critical \n[CVE-2020-1337](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1337>)7.2High \n[CVE-2020-1378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1378>)7.2High \n[CVE-2020-1564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1564>)9.3Critical \n[CVE-2020-1562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1562>)9.3Critical \n[CVE-2020-1513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1513>)4.6Warning \n[CVE-2020-1541](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1541>)4.6Warning \n[CVE-2020-1540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1540>)4.6Warning \n[CVE-2020-1543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1543>)4.6Warning \n[CVE-2020-1542](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1542>)4.6Warning 
\n[CVE-2020-1534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1534>)6.8High \n[CVE-2020-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1467>)7.2High \n[CVE-2020-1464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1464>)2.1Warning \n[CVE-2020-1546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1546>)4.6Warning \n[CVE-2020-1547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1547>)4.6Warning \n[CVE-2020-1520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1520>)7.2High \n[CVE-2020-1489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1489>)4.6Warning\n\n### *KB list*:\n[4571729](<http://support.microsoft.com/kb/4571729>) \n[4571687](<http://support.microsoft.com/kb/4571687>) \n[4571719](<http://support.microsoft.com/kb/4571719>) \n[4571730](<http://support.microsoft.com/kb/4571730>) \n[4571746](<http://support.microsoft.com/kb/4571746>) \n[4601347](<http://support.microsoft.com/kb/4601347>) \n[4601363](<http://support.microsoft.com/kb/4601363>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "kaspersky", "title": "KLA11929 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1383", "CVE-2020-1464", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1489", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1554", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1567", "CVE-2020-1570", "CVE-2020-1577", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1587"], "modified": "2022-05-05T00:00:00", "id": "KLA11929", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11929/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-16T17:32:41", "description": "### *Detect date*:\n08/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, , obtain sensitive information, spoof user interface, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 2004 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2019 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2012 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1903 for x64-based Systems \nWindows 
10 Version 1903 for ARM64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1903 (Server Core installation)\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1492](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1492>) \n[CVE-2020-1490](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1490>) \n[CVE-2020-1552](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1552>) \n[CVE-2020-1553](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1553>) \n[CVE-2020-1550](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1550>) \n[CVE-2020-1551](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1551>) \n[CVE-2020-1556](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1556>) \n[CVE-2020-1557](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1557>) \n[CVE-2020-1554](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1554>) \n[CVE-2020-1558](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1558>) \n[CVE-2020-1417](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1417>) \n[CVE-2020-1488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1488>) \n[CVE-2020-1489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1489>) \n[CVE-2020-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1484>) \n[CVE-2020-1485](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1485>) 
\n[CVE-2020-1486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1486>) \n[CVE-2020-1487](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1487>) \n[CVE-2020-1480](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1480>) \n[CVE-2020-1566](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1566>) \n[CVE-2020-1565](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1565>) \n[CVE-2020-1564](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1564>) \n[CVE-2020-1562](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1562>) \n[CVE-2020-1561](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1561>) \n[CVE-2020-1560](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1560>) \n[CVE-2020-1578](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1578>) \n[CVE-2020-1579](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1579>) \n[CVE-2020-1571](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1571>) \n[CVE-2020-1574](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1574>) \n[CVE-2020-1577](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1577>) \n[CVE-2020-1470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1470>) \n[CVE-2020-1473](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1473>) \n[CVE-2020-1472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1472>) \n[CVE-2020-1475](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1475>) \n[CVE-2020-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1474>) 
\n[CVE-2020-1477](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1477>) \n[CVE-2020-1479](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1479>) \n[CVE-2020-1478](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1478>) \n[CVE-2020-1585](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1585>) \n[CVE-2020-1584](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1584>) \n[CVE-2020-1587](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1587>) \n[CVE-2020-1339](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1339>) \n[CVE-2020-1337](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1337>) \n[CVE-2020-1509](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1509>) \n[CVE-2020-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1467>) \n[CVE-2020-1464](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1464>) \n[CVE-2020-1383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1383>) \n[CVE-2020-1459](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1459>) \n[CVE-2020-1518](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1518>) \n[CVE-2020-1519](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1519>) \n[CVE-2020-1516](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1516>) \n[CVE-2020-1517](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1517>) \n[CVE-2020-1515](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1515>) \n[CVE-2020-1512](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1512>) 
\n[CVE-2020-1513](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1513>) \n[CVE-2020-1510](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1510>) \n[CVE-2020-1511](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1511>) \n[CVE-2020-1529](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1529>) \n[CVE-2020-1528](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1528>) \n[CVE-2020-1522](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1522>) \n[CVE-2020-1521](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1521>) \n[CVE-2020-1520](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1520>) \n[CVE-2020-1527](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1527>) \n[CVE-2020-1526](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1526>) \n[CVE-2020-1525](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1525>) \n[CVE-2020-1524](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1524>) \n[CVE-2020-1534](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1534>) \n[CVE-2020-1535](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1535>) \n[CVE-2020-1536](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1536>) \n[CVE-2020-1537](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1537>) \n[CVE-2020-1530](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1530>) \n[CVE-2020-1531](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1531>) \n[CVE-2020-1533](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1533>) 
\n[CVE-2020-1466](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1466>) \n[CVE-2020-1538](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1538>) \n[CVE-2020-1539](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1539>) \n[CVE-2020-1377](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1377>) \n[CVE-2020-1378](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1378>) \n[CVE-2020-1379](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1379>) \n[CVE-2020-1541](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1541>) \n[CVE-2020-1540](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1540>) \n[CVE-2020-1543](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1543>) \n[CVE-2020-1542](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1542>) \n[CVE-2020-1545](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1545>) \n[CVE-2020-1544](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1544>) \n[CVE-2020-1547](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1547>) \n[CVE-2020-1546](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1546>) \n[CVE-2020-1549](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1549>) \n[CVE-2020-1548](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1548>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1488>)4.6Warning \n[CVE-2020-1379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1379>)6.8High 
\n[CVE-2020-1537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1537>)4.6Warning \n[CVE-2020-1383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1383>)2.1Warning \n[CVE-2020-1475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1475>)4.6Warning \n[CVE-2020-1545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1545>)4.6Warning \n[CVE-2020-1579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1579>)7.2High \n[CVE-2020-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1470>)4.6Warning \n[CVE-2020-1536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1536>)4.6Warning \n[CVE-2020-1577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1577>)4.3Warning \n[CVE-2020-1552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1552>)6.8High \n[CVE-2020-1535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1535>)4.6Warning \n[CVE-2020-1473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1473>)6.8High \n[CVE-2020-1551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1551>)4.6Warning \n[CVE-2020-1530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1530>)4.6Warning \n[CVE-2020-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1474>)2.1Warning \n[CVE-2020-1518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1518>)4.6Warning \n[CVE-2020-1519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1519>)4.6Warning \n[CVE-2020-1516](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1516>)4.6Warning \n[CVE-2020-1478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1478>)6.8High \n[CVE-2020-1558](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1558>)9.3Critical \n[CVE-2020-1515](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1515>)4.6Warning \n[CVE-2020-1538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1538>)4.6Warning 
\n[CVE-2020-1539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1539>)4.6Warning \n[CVE-2020-1557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1557>)9.3Critical \n[CVE-2020-1554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1554>)6.8High \n[CVE-2020-1472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472>)9.3Critical \n[CVE-2020-1517](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1517>)4.6Warning \n[CVE-2020-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1484>)4.6Warning \n[CVE-2020-1485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1485>)2.1Warning \n[CVE-2020-1486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1486>)7.2High \n[CVE-2020-1544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1544>)4.6Warning \n[CVE-2020-1529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1529>)7.2High \n[CVE-2020-1584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1584>)7.2High \n[CVE-2020-1587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1587>)7.2High \n[CVE-2020-1377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1377>)7.2High \n[CVE-2020-1477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1477>)6.8High \n[CVE-2020-1339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1339>)9.3Critical \n[CVE-2020-1337](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1337>)7.2High \n[CVE-2020-1378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1378>)7.2High \n[CVE-2020-1564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1564>)9.3Critical \n[CVE-2020-1562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1562>)9.3Critical \n[CVE-2020-1513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1513>)4.6Warning \n[CVE-2020-1541](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1541>)4.6Warning 
\n[CVE-2020-1540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1540>)4.6Warning \n[CVE-2020-1543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1543>)4.6Warning \n[CVE-2020-1542](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1542>)4.6Warning \n[CVE-2020-1534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1534>)6.8High \n[CVE-2020-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1467>)7.2High \n[CVE-2020-1464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1464>)2.1Warning \n[CVE-2020-1546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1546>)4.6Warning \n[CVE-2020-1547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1547>)4.6Warning \n[CVE-2020-1520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1520>)7.2High \n[CVE-2020-1489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1489>)4.6Warning \n[CVE-2020-1492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1492>)6.8High \n[CVE-2020-1490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1490>)4.6Warning \n[CVE-2020-1553](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1553>)4.6Warning \n[CVE-2020-1550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1550>)7.2High \n[CVE-2020-1556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1556>)4.6Warning \n[CVE-2020-1417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1417>)7.2High \n[CVE-2020-1487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1487>)4.3Warning \n[CVE-2020-1480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1480>)7.2High \n[CVE-2020-1566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1566>)7.2High \n[CVE-2020-1565](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1565>)4.6Warning \n[CVE-2020-1561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1561>)9.3Critical \n[CVE-2020-1560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1560>)6.9High 
\n[CVE-2020-1578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1578>)1.9Warning \n[CVE-2020-1571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1571>)7.2High \n[CVE-2020-1574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1574>)6.9High \n[CVE-2020-1479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1479>)7.2High \n[CVE-2020-1585](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1585>)6.8High \n[CVE-2020-1509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1509>)6.5High \n[CVE-2020-1459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1459>)2.1Warning \n[CVE-2020-1512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1512>)4.3Warning \n[CVE-2020-1510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1510>)4.3Warning \n[CVE-2020-1511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1511>)4.6Warning \n[CVE-2020-1528](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1528>)6.8High \n[CVE-2020-1522](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1522>)4.6Warning \n[CVE-2020-1521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1521>)4.6Warning \n[CVE-2020-1527](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1527>)4.6Warning \n[CVE-2020-1526](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1526>)4.6Warning \n[CVE-2020-1525](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1525>)6.8High \n[CVE-2020-1524](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1524>)4.6Warning \n[CVE-2020-1531](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1531>)6.8High \n[CVE-2020-1533](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1533>)4.6Warning \n[CVE-2020-1466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1466>)5.0Critical \n[CVE-2020-1549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1549>)7.2High 
\n[CVE-2020-1548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1548>)2.1Warning\n\n### *KB list*:\n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>) \n[4571709](<http://support.microsoft.com/kb/4571709>) \n[4566782](<http://support.microsoft.com/kb/4566782>) \n[4571723](<http://support.microsoft.com/kb/4571723>) \n[4571703](<http://support.microsoft.com/kb/4571703>) \n[4571702](<http://support.microsoft.com/kb/4571702>) \n[4565349](<http://support.microsoft.com/kb/4565349>) \n[4571736](<http://support.microsoft.com/kb/4571736>) \n[4571741](<http://support.microsoft.com/kb/4571741>) \n[4565351](<http://support.microsoft.com/kb/4565351>) \n[4578013](<http://support.microsoft.com/kb/4578013>) \n[4601319](<http://support.microsoft.com/kb/4601319>) \n[4601315](<http://support.microsoft.com/kb/4601315>) \n[4601345](<http://support.microsoft.com/kb/4601345>) \n[4601357](<http://support.microsoft.com/kb/4601357>) \n[4601348](<http://support.microsoft.com/kb/4601348>) \n[4601318](<http://support.microsoft.com/kb/4601318>) \n[4601384](<http://support.microsoft.com/kb/4601384>) \n[4601349](<http://support.microsoft.com/kb/4601349>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-11T00:00:00", "type": "kaspersky", "title": "KLA11931 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1560", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1571", "CVE-2020-1574", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1584", "CVE-2020-1585", "CVE-2020-1587"], "modified": "2022-05-05T00:00:00", "id": "KLA11931", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11931/", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2020-08-30T20:06:45", "description": "This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, not Patch Tuesday, days. Of course, if there are any.\n\n\n\nBut let's start with the vulnerabilities that were presented on MS Patch Tuesday on August 11th. There were 120 vulnerabilities: 17 of them are Critical and 103 Important. My [vulristics script](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday_exploits.py>) could not find public exploits for these vulnerabilities on Vulners.com.\n\nFor the first time in a long time, there were 2 Exploitation Detected vulnerabilities.\n\n### Exploitation detected (2)\n\n#### Remote Code Execution\n\n * Internet Explorer ([CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>))\n\n#### Spoofing\n\n * Windows ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>))\n\nWindows spoofing ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>)) is good for phishing. "In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded."\n\nRCE in Internet Explorer ([CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>)) might be interesting in the context of "An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine". 
\n\n### Exploitation more likely (8)\n\n#### Remote Code Execution\n\n * Internet Explorer ([CVE-2020-1570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570>))\n * MSHTML Engine ([CVE-2020-1567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>))\n\n#### Elevation of Privilege\n\n * Windows Ancillary Function Driver for WinSock ([CVE-2020-1587](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1587>))\n * Windows GDI ([CVE-2020-1480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1480>), [CVE-2020-1529](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1529>))\n * Windows Kernel ([CVE-2020-1566](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1566>))\n * Windows dnsrslvr.dll ([CVE-2020-1584](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1584>))\n\n#### Information Disclosure\n\n * Windows Kernel ([CVE-2020-1578](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578>))\n\nFor some reason, all VM vendors ignored Exploitation more likely vulnerabilities this time. 
Although RCE in Internet Explorer ([CVE-2020-1570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570>)) and MSHTML Engine ([CVE-2020-1567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>)) may be interesting.\n\n### Other Product based (31)\n\n#### Media Foundation\n\n * Memory Corruption ([CVE-2020-1478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1478>), [CVE-2020-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379>), [CVE-2020-1477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1477>), [CVE-2020-1492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1492>), [CVE-2020-1525](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525>), [CVE-2020-1554](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1554>))\n * Information Disclosure ([CVE-2020-1487](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1487>))\n\n#### Microsoft Excel\n\n * Remote Code Execution ([CVE-2020-1494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1494>), [CVE-2020-1495](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1495>), [CVE-2020-1496](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1496>), [CVE-2020-1498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1498>), [CVE-2020-1504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1504>))\n * Information Disclosure ([CVE-2020-1497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1497>))\n\n#### Microsoft SharePoint\n\n * Information Disclosure ([CVE-2020-1505](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505>))\n * Cross Site Scripting 
([CVE-2020-1573](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573>), [CVE-2020-1580](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580>))\n * Spoofing ([CVE-2020-1499](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499>), [CVE-2020-1500](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1500>), [CVE-2020-1501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501>))\n\n#### Windows Backup Engine\n\n * Elevation of Privilege ([CVE-2020-1535](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1535>), [CVE-2020-1536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1536>), [CVE-2020-1539](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1539>), [CVE-2020-1540](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1540>), [CVE-2020-1541](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1541>), [CVE-2020-1542](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1542>), [CVE-2020-1543](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1543>), [CVE-2020-1544](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1544>), [CVE-2020-1545](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1545>), [CVE-2020-1546](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1546>), [CVE-2020-1547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1547>), [CVE-2020-1551](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1551>))\n\nThis time, the products with the most vulnerabilities are Media Foundation, Microsoft Excel, Microsoft SharePoint and Windows Backup Engine. 
VM vendors pay attention to Memory Corruption (in fact RCE) in Media Foundation, RCE in Microsoft Excel and Elevation of Privilege in Windows Backup Engine.\n\n### Other Vulnerability Type based (79)\n\n#### Remote Code Execution\n\n * .NET Framework ([CVE-2020-1046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046>))\n * Jet Database Engine ([CVE-2020-1473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1473>), [CVE-2020-1557](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1557>), [CVE-2020-1558](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1558>), [CVE-2020-1564](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1564>))\n * Microsoft Access ([CVE-2020-1582](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582>))\n * Microsoft Edge ([CVE-2020-1569](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1569>))\n * Microsoft Edge PDF ([CVE-2020-1568](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568>))\n * Microsoft Graphics Components ([CVE-2020-1561](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1561>), [CVE-2020-1562](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1562>))\n * Microsoft Office ([CVE-2020-1563](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1563>))\n * Microsoft Outlook ([CVE-2020-1483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1483>))\n * Microsoft Windows Codecs Library ([CVE-2020-1560](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1560>), [CVE-2020-1574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574>), [CVE-2020-1585](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>))\n * Scripting Engine 
([CVE-2020-1555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1555>))\n * Visual Studio Code ([CVE-2020-0604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0604>))\n * Windows Font Driver Host ([CVE-2020-1520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1520>))\n * Windows Media ([CVE-2020-1339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339>))\n\n#### Denial of Service\n\n * ASP.NET Core ([CVE-2020-1597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597>))\n * Microsoft SQL Server Management Studio ([CVE-2020-1455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455>))\n * Windows Remote Desktop Gateway (RD Gateway) ([CVE-2020-1466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1466>))\n\n#### Elevation of Privilege\n\n * ASP.NET and .NET ([CVE-2020-1476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476>))\n * Connected User Experiences and Telemetry Service ([CVE-2020-1511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1511>))\n * DirectX ([CVE-2020-1479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1479>))\n * Local Security Authority Subsystem Service ([CVE-2020-1509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509>))\n * Microsoft Office Click-to-Run ([CVE-2020-1581](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581>))\n * Netlogon ([CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>))\n * Windows ([CVE-2020-1565](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1565>))\n * Windows Accounts Control ([CVE-2020-1531](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1531>))\n * 
Windows AppX Deployment Extensions ([CVE-2020-1488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1488>))\n * Windows Backup Service ([CVE-2020-1534](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1534>))\n * Windows CDP User Components ([CVE-2020-1549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1549>), [CVE-2020-1550](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1550>))\n * Windows CSC Service ([CVE-2020-1489](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1489>), [CVE-2020-1513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1513>))\n * Windows Custom Protocol Engine ([CVE-2020-1527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1527>))\n * Windows File Server Resource Management Service ([CVE-2020-1517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1517>), [CVE-2020-1518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1518>))\n * Windows Function Discovery SSDP Provider ([CVE-2020-1579](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1579>))\n * Windows Hard Link ([CVE-2020-1467](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1467>))\n * Windows Kernel ([CVE-2020-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1417>), [CVE-2020-1486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1486>))\n * Windows Network Connection Broker ([CVE-2020-1526](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1526>))\n * Windows Print Spooler ([CVE-2020-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337>))\n * Windows Radio Manager API 
([CVE-2020-1528](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1528>))\n * Windows Registry ([CVE-2020-1377](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1377>), [CVE-2020-1378](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1378>))\n * Windows Remote Access ([CVE-2020-1530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530>), [CVE-2020-1537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1537>))\n * Windows Runtime ([CVE-2020-1553](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1553>))\n * Windows Server Resource Management Service ([CVE-2020-1475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1475>))\n * Windows Setup ([CVE-2020-1571](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1571>))\n * Windows Speech Runtime ([CVE-2020-1521](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1521>), [CVE-2020-1522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1522>))\n * Windows Speech Shell Components ([CVE-2020-1524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1524>))\n * Windows Storage Service ([CVE-2020-1490](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1490>))\n * Windows Telephony Server ([CVE-2020-1515](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1515>))\n * Windows UPnP Device Host ([CVE-2020-1519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1519>), [CVE-2020-1538](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1538>))\n * Windows WalletService ([CVE-2020-1533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1533>), 
[CVE-2020-1556](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1556>))\n * Windows Work Folder Service ([CVE-2020-1552](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1552>))\n * Windows Work Folders Service ([CVE-2020-1470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1470>), [CVE-2020-1484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1484>), [CVE-2020-1516](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1516>))\n\n#### Information Disclosure\n\n * DirectWrite ([CVE-2020-1577](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1577>))\n * Microsoft Outlook ([CVE-2020-1493](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493>))\n * Microsoft Word ([CVE-2020-1502](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502>), [CVE-2020-1503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503>), [CVE-2020-1583](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583>))\n * Windows ARM ([CVE-2020-1459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1459>))\n * Windows Image Acquisition Service ([CVE-2020-1474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1474>), [CVE-2020-1485](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1485>))\n * Windows Kernel ([CVE-2020-1510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1510>))\n * Windows RRAS Service ([CVE-2020-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1383>))\n * Windows State Repository Service ([CVE-2020-1512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1512>))\n * Windows WaasMedic Service 
([CVE-2020-1548](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1548>))\n\n#### Cross Site Scripting\n\n * Microsoft Dynamics 365 (On-Premise) ([CVE-2020-1591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1591>))\n\nIf we look at the rest of the vulnerabilities, the most interesting are RCEs in Jet Database Engine ([CVE-2020-1473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1473>), [CVE-2020-1557](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1557>), [CVE-2020-1558](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1558>), [CVE-2020-1564](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1564>)), Microsoft Edge PDF ([CVE-2020-1568](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568>)), Microsoft Windows Codecs Library ([CVE-2020-1560](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1560>), [CVE-2020-1574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574>), [CVE-2020-1585](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>)) and Windows Media ([CVE-2020-1339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339>)). \n\nThe second block is Elevation of Privilege in Local Security Authority Subsystem Service (LSASS) ([CVE-2020-1509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509>)), Windows Print Spooler ([CVE-2020-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337>)) and Netlogon ([CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)). 
For the last one "an unauthenticated attacker could use MS-NRPC to connect to a domain controller as a domain administrator".\n\n## Other vulnerabilities\n\nNow let's take a look at the vulnerabilities that were released from 07/15/2020 to 08/27/2020 excluding the August Patch Tuesday. I added support for such exceptions in report_ms_patch_tuesday.py in Vulristics. In fact, there were very few CVE vulnerabilities outside the Patch Tuesday.\n\n### Other Vulnerability Type based (2)\n\n#### Remote Code Execution\n\n * Microsoft Dynamics 365 for Finance and Operations (on-premises) ([CVE-2020-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1182>))\n\n#### Elevation of Privilege\n\n * Microsoft Edge (Chromium-based) ([CVE-2020-1341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1341>))\n\nRCE in on-premises Microsoft Dynamics 365 for Finance and Operations. "An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server".\n\nElevation of Privilege in Microsoft Edge. "To exploit the vulnerability, the user must browse to a malicious website that is designed to download a DLL file and click on the page to begin the process". But the severity of this vulnerability is surprisingly low, only Moderate.\n\nYou may have heard about Microsoft's unscheduled update for Windows Remote Access Elevation of Privilege released August 20. 
But it was about the same vulnerabilities ([CVE-2020-1530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530>), [CVE-2020-1537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1537>)) that were presented in August Patch Tuesday, but fixes this vulnerability for older OS versions: Windows 8.1, RT 8.1, and Server 2012 R2.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-30T22:13:56", "type": "avleonov", "title": "Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0604", "CVE-2020-1046", "CVE-2020-1182", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1341", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1455", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", 
"CVE-2020-1480", "CVE-2020-1483", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1493", "CVE-2020-1494", "CVE-2020-1495", "CVE-2020-1496", "CVE-2020-1497", "CVE-2020-1498", "CVE-2020-1499", "CVE-2020-1500", "CVE-2020-1501", "CVE-2020-1502", "CVE-2020-1503", "CVE-2020-1504", "CVE-2020-1505", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1560", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1563", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1571", "CVE-2020-1573", "CVE-2020-1574", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1580", "CVE-2020-1581", "CVE-2020-1582", "CVE-2020-1583", "CVE-2020-1584", "CVE-2020-1585", "CVE-2020-1587", "CVE-2020-1591", "CVE-2020-1597"], "modified": "2020-08-30T22:13:56", "id": "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E", "href": "http://feedproxy.google.com/~r/avleonov/~3/shc67E2GAnY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}